| |
Vulnerability CVE-2023-2744
Published: 2023-06-27
Description: |
The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Arvandy | 16.10.2023 |
Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
References: |
https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|