24 Nov 2021
Vulnérabilité CVE-2021-36916 CVE Vulnerability
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions
Vulnerability Details : The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. Publish Date : 2021-11-24 Last Update Date : 2021-11-24 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2021-36916
- References For CVE-2021-36916 | |||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2021-36916There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |