Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection
Vulnerability Description
Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec[post_id] POST parameter in the mec_fes_form AJAX action when logged in as an author+, leading to an authenticated SQL Injection issue.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Wordpress Modern Events Calendar Lite SQL注入漏洞
Vulnerability Description
Wordpress Modern Events Calendar Lite是 (Wordpress)开源的一个应用插件。该插件用于管理事件网站的最佳工具。 Wordpress Modern Events Calendar Lite before 5.16.6 存在SQL注入漏洞,该漏洞源于当以作者身份登录时,没有清除mec_fes_form mec[post_id]参数。
CVSS Information
N/A
Vulnerability Type
N/A