CVE-2021-24844

CVE-2021-24844: Affiliate Manager < 2.8.7 - Admin+ SQL injection

Vendor Unknown

Product Affiliates Manager

Weakness CWE-89 · SQLi

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24844

Related vulnerabilities

04Related CVE

CVE-2024-45794 SQL Injection in CreateUser API in devtron CVE-2014-125085 Gimmie Plugin trigger_ratethread.php sql injection CVE-2026-4825 SourceCodester Sales and Inventory System HTTP GET Parameter update_sales.php sql injection CVE-2021-21930 CVE-2022-23169 Amodat - Mobile Application Gateway SQL Injection (SQLi)