Lucene search

[email protected]CVE-2014-9097

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9097

2022-10-0316:20:41

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-9097

sql injection

wordpress

apptha

video gallery

plugin

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.

Affected configurations

NVD

Node

appthacontus_video_galleryMatch2.5wordpress

CPENameOperatorVersion
apptha:contus_video_galleryapptha contus video galleryeq2.5

CPE	Name	Operator	Version
apptha:contus_video_gallery	apptha contus video gallery	eq	2.5

References

packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html

wordpress.org/plugins/contus-video-gallery/changelog

www.securityfocus.com/bid/68883

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2014-9097

checkpoint_advisories1 nvd1 prion1 patchstack4 zdt1 cvelist1 wpvulndb1