CVE-2015-2314

Опубликовано: 17 мар. 2015

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

Ссылки

http://klikki.fi/adv/wpml.html
Exploit
http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
Exploit
http://seclists.org/fulldisclosure/2015/Mar/71
Exploit
http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
Vendor Advisory
http://www.osvdb.org/119541
http://www.securityfocus.com/archive/1/534862/100/0/threaded
http://klikki.fi/adv/wpml.html
Exploit
http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
Exploit
http://seclists.org/fulldisclosure/2015/Mar/71
Exploit
http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
Vendor Advisory
http://www.osvdb.org/119541
http://www.securityfocus.com/archive/1/534862/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:*

Версия до 3.1.8 (включая)

EPSS

Процентиль: 96%

0.22718

Средний

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-pqx7-h7jx-cfmc

github

больше 3 лет назад