CVE-2021-24141

CWE-89SQL Injection3 documents3 sources
Severity
7.2HIGH
EPSS
0.5%
top 32.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Advanced Database CleanerSigmaplugin Advanced Database Cleaner
Timeline
PublishedMar 18
Latest updateMay 24

Description

Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/advanced_database_cleaner3.0.23.0.2

🔴Vulnerability Details

2
GHSA
GHSA-6h67-c8r4-fr78: Unvaludated input in the Advanced Database Cleaner plugin, versions before 32022-05-24
CVEList
Advanced Database Cleaner < 3.0.2 - Authenticated SQL injection2021-03-18
CVE-2021-24141 (HIGH CVSS 7.2) | Unvaludated input in the Advanced D | cvebase.io