Vulnerabilities > CVE-2021-24404 - Unspecified vulnerability in Wp-Board Project Wp-Board 1.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wp-board-project

NVD

Published: 2021-09-20

Updated: 2024-11-21

Summary

The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. This is a time based SQLI and in the same function vulnerable parameter is passed twice so if we pass time as 5 seconds it takes 10 seconds to return since the query ran twice.

Vulnerable Configurations

Part	Description	Count
Application	Wp-Board_Project WP Board Project WP Board - WP Board Project WP Board 1.1	2

References

https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/
https://codevigilant.com/disclosure/2021/wp-plugin-wp-board/
https://wpscan.com/vulnerability/a86240e1-f064-4972-9f97-6b349fdd57f6
https://wpscan.com/vulnerability/a86240e1-f064-4972-9f97-6b349fdd57f6