Lucene search

[email protected]CVE-2015-4066

HistoryMay 27, 2015 - 6:59 p.m.

CVE-2015-4066

2015-05-2718:59:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2015-4066

sql injection

gigpress

wordpress

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.

Affected configurations

NVD

Node

trigigpressRange≤2.3.8wordpress

CPENameOperatorVersion
tri:gigpresstri gigpressle2.3.8

CPE	Name	Operator	Version
tri:gigpress	tri gigpress	le	2.3.8

References

packetstormsecurity.com/files/132036/WordPress-GigPress-2.3.8-SQL-Injection.html

www.securityfocus.com/bid/74747

wordpress.org/plugins/gigpress/changelog/

www.exploit-db.com/exploits/37109/

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

Related for CVE-2015-4066

wpvulndb1 zdt1 packetstorm1 exploitpack1 cvelist2 nvd2 prion2 exploitdb1 cve1