CVE-2009-4748

2010-03-2620:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-4748

sql injection

vulnerability

my category order plugin

wordpress

remote execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

Affected configurations

NVD

Node

andrew_charltonmy_category_orderRange≤2.8

andrew_charltonmy_category_orderMatch2.6.1

andrew_charltonmy_category_orderMatch2.6.1a

andrew_charltonmy_category_orderMatch2.7

andrew_charltonmy_category_orderMatch2.7.1

AND

wordpresswordpress

CPENameOperatorVersion
andrew_charlton:my_category_orderandrew charlton my category orderle2.8
andrew_charlton:my_category_orderandrew charlton my category ordereq2.6.1
andrew_charlton:my_category_orderandrew charlton my category ordereq2.6.1a
andrew_charlton:my_category_orderandrew charlton my category ordereq2.7
andrew_charlton:my_category_orderandrew charlton my category ordereq2.7.1

CPE	Name	Operator	Version
andrew_charlton:my_category_order	andrew charlton my category order	le	2.8
andrew_charlton:my_category_order	andrew charlton my category order	eq	2.6.1
andrew_charlton:my_category_order	andrew charlton my category order	eq	2.6.1a
andrew_charlton:my_category_order	andrew charlton my category order	eq	2.7
andrew_charlton:my_category_order	andrew charlton my category order	eq	2.7.1