What is CVE-2021-24741?

CVE-2021-24741 is a vulnerability in Support Board, classified under SQL Injection. Published 2021-09-20.

Is CVE-2021-24741 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Support Board

CVE-2021-24741

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id) before using them in SQL statements, leading t…

Vulnerability class: SQL Injection

EPSS: 0.583 (98.2th percentile) — read the EPSS interpretation.

Affected products

Unknown Support Board — versions 3.3.4

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

medium.com/@lijohnjefferson/multiple-sql-injection-unauthenticated-in-support-b… (x_refsource_MISC)
wpscan.com/vulnerability/ccf293ec-7607-412b-b662-5e237b8690ca (x_refsource_MISC)
board.support/changes (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24741?: CVE-2021-24741 is a vulnerability in Support Board, classified under SQL Injection. Published 2021-09-20.
Is CVE-2021-24741 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.