CVE-2021-26830

SQL Injection in packagist/tribalsystems/zenario

Identifier

CVE-2021-26830

Package Slug

packagist/tribalsystems/zenario

Vulnerability

SQL Injection

Description

SQL Injection in Tribalsystems Zenario CMS allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module.

Affected Versions

Version 8.8.52729

Solution

Upgrade to version 8.8.53370 or above.

Last Modified

2021-04-21

source