Описание
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-3961
- https://wordpress.org/plugins/participants-database/changelog
- https://www.yarubo.com/advisories/1
- http://osvdb.org/show/osvdb/107626
- http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Jun/0
- http://www.exploit-db.com/exploits/33613
- http://www.securityfocus.com/bid/67769
Связанные уязвимости
nvd
больше 11 лет назад
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.