What is CVE-2021-24827?

CVE-2021-24827 is a vulnerability in Asgaros Forum, classified under SQL Injection. Published 2021-11-08.

Is CVE-2021-24827 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Asgaros Forum

CVE-2021-24827

The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue

Vulnerability class: SQL Injection

EPSS: 0.677 (98.6th percentile) — read the EPSS interpretation.

Affected products

Unknown Asgaros Forum — versions 1.15.13

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
20142995/sectool
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
l0928h/kate

References

wpscan.com/vulnerability/36cc5151-1d5e-4874-bcec-3b6326235db1 (x_refsource_MISC)
plugins.trac.wordpress.org/changeset/2611560/asgaros-forum (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-24827?: CVE-2021-24827 is a vulnerability in Asgaros Forum, classified under SQL Injection. Published 2021-11-08.
Is CVE-2021-24827 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.