Описание
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-9175
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98928
- http://packetstormsecurity.com/files/129232/WordPress-wpDataTables-1.5.3-SQL-Injection.html
- http://www.exploit-db.com/exploits/35340
- http://www.homelab.it/index.php/2014/11/23/wordpress-wpdatatables-sql-injection-vulnerability
- http://www.securityfocus.com/bid/71271
Связанные уязвимости
nvd
около 11 лет назад
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.