One Article Review

Source CVE List
Identifier 2801329
Publication date 2021-05-17 17:15:08 (seen: 2021-05-17 19:05:45)
Title CVE-2021-24295
Text It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via the User-Agent Header by manipulating the cookies set by the Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.153.4, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset.
Sent Yes
Tags Spam Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.