First published: Thu Mar 18 2021(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wowonder Wowonder | <3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-26935 is a vulnerability in WoWonder < 3.1 that allows remote attackers to gain access to the database by exploiting a SQL Injection vulnerability.
CVE-2021-26935 has a severity score of 7.5 (high).
WoWonder versions up to but excluding 3.1 are affected by CVE-2021-26935.
The vulnerability CVE-2021-26935 can be exploited by sending a malicious SQL injection payload through the event_id parameter in the requests.php?f=search-my-followers endpoint of WoWonder.
Yes, you can find references for CVE-2021-26935 at the following URLs: [link1](https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-26935) and [link2](https://www.exploit-db.com/exploits/49657)