Vulnerabilities > CVE-2021-24497 - Unspecified vulnerability in Satollo Giveaway

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

satollo

NVD

Published: 2021-08-23

Updated: 2024-11-21

Summary

The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $post_id on the options.php page.

Vulnerable Configurations

Part	Description	Count
Application	Satollo Satollo Giveaway - Satollo Giveaway 1.0 Satollo Giveaway 1.1.1 Satollo Giveaway 1.1.2 Satollo Giveaway 1.2.0 Satollo Giveaway 1.2.1 Satollo Giveaway 1.2.2	7

References

https://wpscan.com/vulnerability/a1cf08fe-943a-4f14-beb0-25216011b538
https://wpscan.com/vulnerability/a1cf08fe-943a-4f14-beb0-25216011b538