exploitDog

CVE-2014-8749

Опубликовано: 01 дек. 2014

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.

Комментарий

CWE-918: Server-Side Request Forgery (SSRF)

Ссылки

http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/
Patch
Vendor Advisory
http://seclists.org/fulldisclosure/2014/Nov/13
https://wordpress.org/plugins/bulletproof-security/changelog/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:*

Версия до .51 (включая)

EPSS

Процентиль: 63%

0.00448

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-gjmw-hpv9-9598

github

больше 3 лет назад

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.

EPSS

Процентиль: 63%

0.00448

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo