CVE-2021-24848

CVE-2021-24848: Mediamatic < 2.8.1 - Subscriber+ SQL Injection

Vendor Unknown

Product Mediamatic – Media Library Folders

Weakness CWE-89 · SQLi

Published December 13, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection

Key dates

02Disclosure timeline

December 13, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24848 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2026-6978 JiZhiCMS addcache.html htmlspecialchars_decode sql injection CVE-2023-2371 SourceCodester Online DJ Management System GET Parameter view_details.php sql injection CVE-2024-13534 Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection CVE-2025-9669 Jinher OA GetTreeDate.aspx sql injection CVE-2024-51608 WordPress AmaDiscount Plugin plugin <= 1.0 - SQL Injection vulnerability