CVE-2021-24741 - Unspecified vulnerability in Schiocco Support Board - Chat and Help Desk 1.2.3
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading to SQL injections which are exploitable by unauthenticated users.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- https://board.support/changes
- https://medium.com/%40lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-board-v-3-3-3-3e9b4214a4f9
- https://wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca