Source |
CVE List |
Identifier |
2801329 |
Publication date |
2021-05-17 17:15:08 (viewed: 2021-05-17 19:05:45) |
Title |
CVE-2021-24295 |
Text |
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. |
Sent |
Yes |
Tags |
Spam
Vulnerability
|