CVE-2013-3478

Опубликовано: 05 мар. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php.

Комментарий

Based on information provided in the reference CVE-2013-3478 is being processed as a SQL injection vulnerability.

Ссылки

http://secunia.com/advisories/51344
Permissions Required
Vendor Advisory
http://www.securityfocus.com/bid/59845
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84239
http://secunia.com/advisories/51344
Permissions Required
Vendor Advisory
http://www.securityfocus.com/bid/59845
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84239

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apptha:video_gallery_plugin:1.6:*:*:*:*:wordpress:*:*

cpe:2.3:a:apptha:video_gallery_plugin:2.0:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 72%

0.00713

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-7phg-3439-wh4j

github

больше 3 лет назад