CVE-2022-2840

Summary

The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections

Affected Software

VendorProductVersion RangeStatus
UnknownZephyr Project Manager3.2.5 < 3.2.5affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References