CVE-2021-24758

CVE-2021-24758: Email Log < 2.4.7 - Admin+ SQL Injection

Vendor Unknown

Product Email Log

Weakness CWE-89 · SQLi

Published November 17, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections

Key dates

02Disclosure timeline

November 17, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24758 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2017-20143 Itech Movie Portal Script film-rating.php Error sql injection CVE-2022-2214 SourceCodester Library Management System bookdetails.php sql injection CVE-2026-5665 code-projects Online FIR System Login checklogin.php sql injection CVE-2022-0785 Daily Prayer Time < 2022.03.01 - Unauthenticated SQLi CVE-2014-2351 CSWorks SQL Injection