patchstack
Jeroen (ITNerdbox)
PATCHSTACK:5538291892C9E1651D0C89AD093707DF
Oct 03, 2017 - 12:00 a.m.

WordPress Content Timeline plugin <=4.4.2 - Multiple Blind SQL Injection vulnerabilities

2017-10-03 00:00:00
Jeroen (ITNerdbox)
patchstack.com
EPSS: 0.003
Percentile: 66.1%

Multiple Blind SQL Injection vulnerabilities were found by Jeroen (ITNerdbox) in the premium WordPress plugin Content Timeline (<=4.4.2). It is possible to execute arbitrary SQL commands via the id parameter (content_timeline_class.php, content_timeline_edit.php, content_timeline_index.php).

Solution

We were unable to find any solution (last checked on October 3rd, 2017). The last available update, according to the plugin changelog, was released on March 1st, 2017. We suggest deactivating and uninstalling the Content Timeline plugin until a patched version is released.
