Multiple SQL Injection Vulnerability in Support Board Version 3.3.3 that allow remote unauthenticated attacker to execute arbitrary SQL commands via status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id parameters to ajax.php which is connected to functions.php which the vulnerability is present.
CVE-2021-24741 Multiple SQL Injection (Unauthenticated) in Support Board v 333 Description Support Board V 333 Multiple SQL Injection Vulnerability in Support Board Version 333 that allow remote unauthenticated attacker to execute arbitrary SQL commands via status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id parameters to ajaxphp