WordPress Theme Toolbox - mls SQL Injection

2012-11-29T00:00:00
ID EXPLOITPACK:F709CD231E22DAD65481157A6B35E02C
Type exploitpack
Reporter Ashiyane Digital Security Team
Modified 2012-11-29T00:00:00

Description

WordPress Theme Toolbox - mls SQL Injection

                                        
                                            source: https://www.securityfocus.com/bid/56745/info

The Toolbox theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Toolbox 1.4 is vulnerable; other versions may also be affected.

http://www.example.com/wp-content/Themes/toolbox/include/flyer.php?mls=[Sqli]