What is CVE-2021-24762?

CVE-2021-24762 is a vulnerability in Perfect Survey, classified under SQL Injection. Published 2022-02-01.

Is CVE-2021-24762 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Perfect Survey

CVE-2021-24762

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.

Vulnerability class: SQL Injection

EPSS: 0.857 (99.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Perfect Survey — versions 1.5.2

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad (x_refsource_MISC)
packetstormsecurity.com/files/166072/WordPress-Perfect-Survey-1.5.1-SQL-Injecti… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24762?: CVE-2021-24762 is a vulnerability in Perfect Survey, classified under SQL Injection. Published 2022-02-01.
Is CVE-2021-24762 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.