CVE-2023-4776

Posted on by admin

CVE-2023-4776

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.

Source: CVE-2023-4776

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다