WordPress WP Symposium Multiple SQL Injection Vulnerabilities

24 Aug 2015 00:00:00 | Reported by: Copyright (C) 2015 Greenbone AG | Type: openvas | Source: plugins.openvas.org

The WordPress plugin 'WP Symposium' is prone to multiple SQL injection vulnerabilities. Exploitation allows SQL query manipulation or data disclosure. The affected version is 15.5.1; the solution is to update to version 15.8 or later.

Related entries

Reporter | Title | Published
WPVulnDB | WP Symposium <= 15.5.1 - Unauthenticated SQL Injection | 9 Aug 2015 00:00
Check Point Advisories | WordPress Symposium Plugin SQL Injection (CVE-2015-6522) | 8 Dec 2016 00:00
Prion | Sql injection | 19 Aug 2015 15:59
Packet Storm | WordPress Symposium Plugin SQL Injection | 31 Aug 2024 00:00
wpexploit | WP Symposium <= 15.5.1 - Unauthenticated SQL Injection | 9 Aug 2015 00:00
Patchstack | WordPress Symposium Plugin 15.1 - SQL Injection #2 | 18 Aug 2015 00:00
Patchstack | WordPress Symposium Plugin <= 15.7- SQL Injection | 19 Aug 2015 00:00
Metasploit | WordPress Symposium Plugin SQL Injection | 17 Nov 2016 14:04
Cvelist | CVE-2015-6522 | 19 Aug 2015 15:00
CVE | CVE-2015-6522 | 19 Aug 2015 15:59

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:wordpress:wordpress";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806026");
  script_version("2023-07-25T05:05:58+0000");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-08-24 15:13:35 +0530 (Mon, 24 Aug 2015)");
  script_tag(name:"qod_type", value:"remote_vul");
  script_name("WordPress WP Symposium Multiple SQL Injection Vulnerabilities");
  script_cve_id("CVE-2015-6522");

  script_tag(name:"summary", value:"The WordPress plugin 'WP Symposium' is prone to multiple sql injection vulnerabilities.");

  script_tag(name:"vuldetect", value:"Send a crafted request via HTTP GET and
  check whether it is able to execute sql query or not.");

  script_tag(name:"insight", value:"Multiple flaws are due to input validation
  errors in 'forum_functions.php' and 'get_album_item.php' in WP Symposium
  plugin.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to inject or manipulate SQL queries in the back-end database,
  allowing for the manipulation or disclosure of arbitrary data.");

  script_tag(name:"affected", value:"WordPress WP Symposium Plugin version
  15.5.1 and probably all existing previous versions may also be affected.");

  script_tag(name:"solution", value:"Update to WP Symposium version 15.8 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/37824");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/37822");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_http_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("wordpress/http/detected");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE, service:"www"))
  exit(0);

if(!dir = get_app_location(cpe:CPE, port:port))
  exit(0);

if(dir == "/")
  dir = "";

url = dir + "/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--";

if(http_vuln_check(port:port, url:url, check_header:TRUE, pattern:"([0-9.]+)",
                   extra_check:"Set-Cookie: PHPSESSID")) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);
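
The check above requests get_album_item.php with a 'size' value that is not a plain token. As an added example (not part of the Greenbone plugin), the following Python reviews web server access logs for requests of that shape. It assumes combined-format log lines and that a legitimate 'size' value is a short alphanumeric token; both are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path probed by the detection script above.
TARGET = "/wp-content/plugins/wp-symposium/get_album_item.php"
# Assumption: a legitimate 'size' value is a short alphanumeric/underscore token.
SAFE_SIZE = re.compile(r"[A-Za-z0-9_]{1,32}")
# Request line and status code of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')


def suspicious_requests(lines):
    """Return (client, status, decoded size) for requests whose 'size' is not a plain token."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        # endswith() also covers WordPress installed in a subdirectory.
        if not parts.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values; keep_blank_values so 'size=' is seen too.
        for value in parse_qs(parts.query, keep_blank_values=True).get("size", []):
            if not SAFE_SIZE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], int(m.group(2)), value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [24/Aug/2015:10:00:01 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20-- HTTP/1.1" 200 31',
    '198.51.100.7 - - [24/Aug/2015:10:00:05 +0000] "GET /blog/wp-content/plugins/wp-symposium/get_album_item.php?size=thumbnail HTTP/1.1" 200 512',
    '203.0.113.4 - - [24/Aug/2015:10:00:09 +0000] "GET /index.php?size=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE):
        print(f"{client} status={status} size={value!r}")
```

A hit with a 200 status on a host still running 15.5.1 or earlier warrants checking the response body in any captured traffic and updating to 15.8 or later.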

24 Aug 2015 00:00 (current) | Vulners AI Score: 6.5 (Medium risk) | CVSS2: 7.5 | EPSS: 0.97