Unrated severityNVD Advisory· Published Jun 14, 2021· Updated Aug 3, 2024
Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection
CVE-2021-24341
Description
When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Xllentech English Islamic Calendardescription
- Range: <2.6.8
Patches
Vulnerability mechanics
References
2- codevigilant.com/disclosure/2021/xllentech-english-islamic-calendar/mitrex_refsource_MISC
- wpscan.com/vulnerability/1eba1c73-a19b-4226-afec-d27c48388a04mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.