CVE-2015-3314

🗓️ 07 Sep 2017 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 56 Views🌐 WEB

SQL injection vuln in WordPress Tune Library plugin before 1.5.

Reporter	Title	Published	Views	Family All 12
0day.today	WordPress Tune Library Plugin 1.5.4 - SQL Injection Vulnerability	21 Apr 201500:00	–	zdt
CNVD	WordPress Tune Library Plugin SQL Injection Vulnerability	20 May 201500:00	–	cnvd
Cvelist	CVE-2015-3314	7 Sep 201720:00	–	cvelist
Exploit DB	WordPress Plugin Tune Library 1.5.4 - SQL Injection	21 Apr 201500:00	–	exploitdb
EUVD	EUVD-2015-3360	7 Oct 202500:30	–	euvd
exploitpack	WordPress Plugin Tune Library 1.5.4 - SQL Injection	21 Apr 201500:00	–	exploitpack
NVD	CVE-2015-3314	7 Sep 201720:29	–	nvd
Packet Storm	WordPress Tune Library 1.5.4 SQL Injection	21 Apr 201500:00	–	packetstorm
Patchstack	WordPress Tune Library Plugin 1.5.4 - SQL Injection	21 Apr 201500:00	–	patchstack
Prion	Sql injection	7 Sep 201720:29	–	prion

NVD

Node

tune_library_project tune_libraryRange≤1.5.4wordpress

Source	Link
openwall	www.openwall.com/lists/oss-security/2015/05/08/3
openwall	www.openwall.com/lists/oss-security/2015/04/16/10
packetstormsecurity	www.packetstormsecurity.com/files/131558/WordPress-Tune-Library-1.5.4-SQL-Injection.html
securityfocus	www.securityfocus.com/bid/74236
wordpress	www.wordpress.org/plugins/tune-library/
exploit-db	www.exploit-db.com/exploits/36802/

Parameter	Position	Path	Description	CWE
artistletter	query param	/?page_id=2&artistletter=G' UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database()),2--%20	SQL injection vulnerability in Tune Library WordPress plugin via query parameter triggering UNION SELECT and data leakage.	CWE-89

13 May 2026 00:24Current

8.3High risk

Vulners AI Score8.3

CVSS 26.8

CVSS 38.1

EPSS0.08759

cve-2015-3314 sql injection wordpress tune library nvd