CVE-2021-24747

CVE-2021-24747: SEO Booster < 3.8 - Admin+ SQL Injection

Vendor Unknown

Product SEO Booster

Weakness CWE-89 · SQLi

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24747 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2023-0706 SourceCodester Medical Certificate Generator App manage_record.php sql injection CVE-2022-50593 Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE CVE-2025-7590 PHPGurukul Dairy Farm Shop Management System edit-category.php sql injection CVE-2025-14589 code-projects Prison Management System search.php sql injection CVE-2024-5381 itsourcecode Student Information Management System view.php sql injection