Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24827SQL Injection in Forum

CWE-89SQL Injection5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
67.7%
top 1.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Asgaros Forum
Timeline
PublishedNov 8
Latest updateMay 24

Description

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDasgaros/asgaros_forum< 1.15.13

Patches

Patch: plugins.trac.wordpress.orgPatch: plugins.trac.wordpress.org

🔴Vulnerability Details

3
GHSA
GHSA-65r7-qmhv-jjr3: The Asgaros Forum WordPress plugin before 12022-05-24
CVEList
Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection2021-11-08
VulnCheck
asgaros asgaros_forum Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')2021

💥Exploits & PoCs

1
Nuclei
WordPress Asgaros Forum <1.15.13 - SQL Injection
CVE-2021-24827 — SQL Injection in Asgaros Forum | cvebase