Lucene search

[email protected]CVE-2015-4614

HistoryJul 08, 2015 - 4:59 p.m.

CVE-2015-4614

2015-07-0816:59:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2015

4614

sql injection

easy2map

wordpress

plugin

vulnerability

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.

Affected configurations

NVD

Node

easy2map_projecteasy2mapRange≤1.2.4wordpress

CPENameOperatorVersion
easy2map_project:easy2mapeasy2map project easy2maple1.2.4

CPE	Name	Operator	Version
easy2map_project:easy2map	easy2map project easy2map	le	1.2.4

References

seclists.org/fulldisclosure/2015/Jul/18

www.securityfocus.com/archive/1/535922/100/0/threaded

www.vapid.dhs.org/advisory.php?v=131

plugins.trac.wordpress.org/changeset/1191455/easy2map

wordpress.org/plugins/easy2map/changelog/

www.exploit-db.com/exploits/37534/

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2015-4614

patchstack1 cvelist1 zdt1 nvd1 prion1 wpvulndb1 packetstorm1 wpexploit1 securityvulns1