📚 CVE-2020-9006 | Popup Builder Plugin up to 2.6.7.6 on WordPress Administrator Account sg_popup_ajax.php sgImportPopups attachmentUrl sql injection

A vulnerability, which was classified as critical, was found in Popup Builder Plugin up to 2.6.7.6 on WordPress. This affects the function sgImportPopups of the file sg_popup_ajax.php of the component Administrator Account. The manipulation of the argument attachmentUrl as part of Variable leads to sql injection. This vulnerability is uniquely identified as CVE-2020-9006. It is possible to initiate the attack remotely. There is no exploit available. ...