cleantalk
Vulnerabilities and Security Researches

SEUR Oficial, CVE-2024-9201

CVE, Research URL

CVE-2024-9201

Home page URL

Security reports for SEUR Oficial

Application

SEUR Oficial

Published on
Oct 10, 2024
Research Description
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.
Affected versions
Min -, max 2.2.11.
Status
vulnerable
Previous vulnerability researches
SEUR Oficial (CVE-2025-46474) , May 05, 2025
SEUR Oficial (CVE-2021-25005) , Jun 07, 2024
SEUR Oficial (CVE-2021-25004) , Jun 07, 2024
SEUR Oficial (CVE-2024-9201) , Oct 20, 2024
SEUR Oficial (CVE-2024-9438) , Oct 30, 2024
New vulnerability
Absolute Links (CVE-2025-43833) , May 05, 2025
List Children (CVE-2025-4099) , May 05, 2025
Libro de Reclamaciones (CVE-2025-46446) , May 05, 2025
Enhanced Paypal Shortcodes (CVE-2025-46543) , May 05, 2025
My Custom Widgets (CVE-2025-46526) , May 05, 2025