CRM Perks CRM Perks Forms (affected versions 1.1.4 and earlier) contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. [已公开] id: CVE-2024-30498 info: name: CRM Perks Forms <= 1.1.4 - SQL Injection author: Shivam Kamboj severity: critical description: | CRM Perks CRM Perks Forms (affected versions 1.1.4 and earlier) contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. impact: | Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or database compromise. remediation: | Update to the latest version of CRM Perks Forms, version 1.1.5 or later. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/crm-perks-forms/crm-perks-forms-114-unauthenticated-sql-injection - https://patchstack.com/database/wordpress/plugin/crm-perks-forms/vulnerability/wordpress-crm-perks-forms-plugin-1-1-4-unauthenticated-sql-injection-vulnerability - https://nvd.nist.gov/vuln

CRM Perks Forms

POC: 已公开