CZ Loan Management 漏洞列表

WordPress是一款流行的开源内容管理系统（CMS），广泛用于创建网站和博客。CZ Loan Management是WordPress的一个插件，用于管理贷款相关功能。在CZ Loan Management插件版本1.1及以下版本中，存在未授权的SQL注入漏洞。攻击者可以通过该漏洞在未授权的情况下执行恶意SQL语句，从而获取敏感数据或对数据库进行破坏。

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Wordpress插件 CZ Loan Management存在sql注入漏洞，该漏洞是由于对selectedperiod参数的值验证不当导致的。