{"id": "PACKETSTORM:98660", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Comment Rating 2.9.23 Path Disclosure / SQL Injection", "description": "", "published": "2011-02-22T00:00:00", "modified": "2011-02-22T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/98660/Comment-Rating-2.9.23-Path-Disclosure-SQL-Injection.html", "reporter": "High-Tech Bridge SA", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:19:17", "viewCount": 10, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {"references": [{"type": "htbridge", "idList": ["HTB22841"]}]}, "exploitation": null, "vulnersScore": 0.1}, "sourceHref": "https://packetstormsecurity.com/files/download/98660/commentrating-sqldisclose.txt", "sourceData": "`================================= \nVulnerability ID: HTB22842 \nReference: http://www.htbridge.ch/advisory/path_disclosure_in_comment_rating_wordpress_plugin.html \nProduct: Comment Rating wordpress plugin \nVendor: Bob King ( http://wealthynetizen.com/ ) \nVulnerable Version: 2.9.23 \nVendor Notification: 08 February 2011 \nVulnerability Type: Path disclosure \nRisk level: Low \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/wp-content/plugins/comment-rating/comment-rating-options.php\" script, it's possible to generate an error that will reveal the full path of the script. \nA remote user can determine the full path to the web root directory and other potentially sensitive information. \n \nThe following PoC is available: \n \n \nhttp://[host]/wp-content/plugins/comment-rating/comment-rating-options.php \n \n \n================================= \nVulnerability ID: HTB22841 \nReference: http://www.htbridge.ch/advisory/sql_injection_in_comment_rating_wordpress_plugin.html \nProduct: Comment Rating wordpress plugin \nVendor: Bob King ( http://wealthynetizen.com/ ) \nVulnerable Version: 2.9.23 \nVendor Notification: 08 February 2011 \nVulnerability Type: SQL Injection \nStatus: Fixed by Vendor \nRisk level: High \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/wp-content/plugins/comment-rating/ck-processkarma.php\" script to properly sanitize user-supplied input in \"id\" variable. \nAttacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. \n \nThe following PoC is available: \n \n \nhttp://[host]/wp-content/plugins/comment-rating/ck-processkarma.php?path=1&action=1&id=1%20and%201=2%20--%20 \n \nSolution: Upgrade to the most recent version \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645298048, "score": 1659769055}}