The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
References
Link | Resource |
---|---|
https://github.com/seopanel/Seo-Panel/issues/209 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/162322/SEO-Panel-4.8.0-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2021-03-18 05:15
Updated : 2021-04-27 11:36
NVD link : CVE-2021-28419
Mitre link : CVE-2021-28419
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
seopanel
- seo_panel