CVE-2013-3532

Опубликовано: 10 мая 2013

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.

Ссылки

http://osvdb.org/92264
http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html
Exploit
http://packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html
Exploit
http://www.securityfocus.com/bid/59021
Exploit
http://www.securityfocus.com/bid/70763
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/83374
https://exchange.xforce.ibmcloud.com/vulnerabilities/98332
http://osvdb.org/92264
http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html
Exploit
http://packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html
Exploit
http://www.securityfocus.com/bid/59021
Exploit
http://www.securityfocus.com/bid/70763
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/83374
https://exchange.xforce.ibmcloud.com/vulnerabilities/98332

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:webdorado:spider_video_player:2.1:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05926

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-pv4v-x6g5-c665

github

около 3 лет назад