CVE-2013-1408 in Wysija Newsletters
Summary (English)
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Reserved: 2013-01-19
Disclosure: 2014-03-24
Status: Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 66775 | Wysija Newsletters SQL injection | 89 | Proof of concept | Official fix | CVE-2013-1408 |