SQL Injection Vulnerability in Download-Mirror-Counter Allows for Attacks
CVE-2024-51621

8.5HIGH

Key Information:

Vendor: WordPress
Status: Download-mirror-counter
Vendor: CVE Published:; 9 November 2024

What is CVE-2024-51621?

The Reza Sh Download-Mirror-Counter Plugin is vulnerable to an SQL injection attack due to improper neutralization of special elements used in SQL commands. This flaw allows attackers to manipulate backend database queries by injecting malicious SQL code. The vulnerability impacts all versions of the Download-Mirror-Counter Plugin up to version 1.1, thereby exposing websites to unauthorized data access and potential compromise. Web administrators should take immediate action to apply patches and secure their installations against this type of injection attack.

Affected Version(s)

Download-Mirror-Counter <= 1.1

References

https://patchstack.com/database/vulnerability/wp-download...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2024
Vulnerability Reserved
Oct 30, 2024

Credit

LVT-tholv2k (Patchstack Alliance)