CVE-2014-100022

Опубликовано: 13 янв. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.

Ссылки

http://secunia.com/advisories/57491
https://exchange.xforce.ibmcloud.com/vulnerabilities/91950
https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/
Exploit
https://wordpress.org/plugins/mtouch-quiz/changelog/
Patch
http://secunia.com/advisories/57491
https://exchange.xforce.ibmcloud.com/vulnerabilities/91950
https://security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/
Exploit
https://wordpress.org/plugins/mtouch-quiz/changelog/
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mtouch_quiz_project:mtouch_quiz:*:*:*:*:*:wordpress:*:*

Версия до 3.0.6 (включая)

EPSS

Процентиль: 62%

0.00424

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rpwr-hhr2-79xf

github

больше 3 лет назад