CVE-2014-6242 in All In One WordPress Security And Firewall

Summary (English)

Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.

Reserved

04.09.2014

Published

02.10.2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources
