Unrated severityNVD Advisory· Published Feb 1, 2022· Updated Aug 3, 2024

Perfect Survey < 1.5.2 - Unauthenticated SQL Injection

CVE-2021-24762

Description

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

Affected products

Unknown/Perfect Surveyv5
Range: 1.5.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injection.htmlmitrex_refsource_MISC
wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11admitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000