CVE-2018-1304 was discovered in GDPR 2.1-DEV-rev368-gfd054169b-master, a plugin that exposes a plugin API to 3rd party developers via PHP. An attacker could exploit this vulnerability by pulling data via the plugin API and injecting the data into the database.
The vulnerability is located in GDPR_INTERFACE_PLUGIN_API.php, where it takes the input provided (input) and uses it to create a link which is then stored in dfpmode.php.
Published on: 10/19/2022 14:15:00 UTC
Last modified on: 10/20/2022 20:35:00 UTC