Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 12/02/2024 Updated: 12/02/2024

The Smart Manager WordPress plugin prior to 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

CVE-2024-0566 Smart Manager 8270 - Post-Authenticated SQL Injection Exploit Title: Smart Manager 8270 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: wwwstoreappsorg/ Software Link: wwwstoreappsorg/product/smart-manager/ Version: 8270 Tested on: Ubuntu 2204 CVE: CVE-2024-0566 SQL Injection T

https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/https://nvd.nist.gov https://github.com/xbz0n/CVE-2024-0566

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-0566

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect