exploitDog

CVE-2015-5308

Опубликовано: 02 нояб. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.

Ссылки

http://www.vapid.dhs.org/advisory.php?v=155
Exploit
https://wpvulndb.com/vulnerabilities/8221
Exploit
Vendor Advisory
http://www.vapid.dhs.org/advisory.php?v=155
Exploit
https://wpvulndb.com/vulnerabilities/8221
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-championship_project:wp-championship:5.8:*:*:*:*:wordpress:*:*

EPSS

Процентиль: 76%

0.00925

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-v8f7-xwpc-f4vx

github

больше 3 лет назад

Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.

EPSS

Процентиль: 76%

0.00925

Низкий

7.5 High

CVSS2

Дефекты

CWE-89