Unrated severityNVD Advisory· Published Jul 30, 2024· Updated Aug 1, 2024

CZ Loan Management <= 1.1 - Unauthenticated SQLi

CVE-2024-5975

Description

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

Affected products

WordPress/CZ Loan Managementdescription
CZ Loan Management/CZ Loan Managementllm-create
Range: <=1.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000