Description

The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing chatbot discussions.

PUBLISHED Reserved 2024-07-12 | Published 2024-09-13 | Updated 2024-09-13 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status
unaffected

Any version before 2.4.8
affected

Credits

Karolis Narvilas finder

WPScan coordinator

References

wpscan.com/...rability/fbd2152e-0aa1-4b56-a6a3-2e6ec78e08a5/ exploit vdb-entry technical-description

cve.org (CVE-2024-6723)

nvd.nist.gov (CVE-2024-6723)