Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackN/APATCHSTACK:BE281B8F3AA6E40CF4CC96C228667594
HistoryOct 02, 2015 - 12:00 a.m.

WordPress Pie Register Plugin <= 2.0.18 - Multiple SQL Injection

2015-10-0200:00:00
N/A
patchstack.com
5

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON

An SQL Injection exsist in pie-register/pie-register.php. It allows the administrators to execute arbitrary SQL commands via the 1. select_invitaion_code_bulk_option or 2. invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.

Solution

           Update the plugin.
CPENameOperatorVersion
pie registerle2.0.18

Related

securityvulns 2
prion 1
packetstorm 1
wpvulndb 1
cve 1
zdt 1
securityvulns
securityvulns
CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin
2015-10-26 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-10-26 00:00:00
prion
prion
Sql injection
2015-10-16 20:59:00
packetstorm
packetstorm
WordPress Pie Register 2.0.18 SQL Injection
2015-10-12 00:00:00
wpvulndb
wpvulndb
Pie-Register <= 2.0.18 - Authenticated Blind SQL Injection
2015-10-12 00:00:00
cve
cve
CVE-2015-7682
2015-10-16 20:59:00
zdt
zdt
WordPress Pie Register 2.0.18 Cross Site Scripting / SQL Injection Vulnerabilities
2015-10-13 00:00:00

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

JSON
Related for PATCHSTACK:BE281B8F3AA6E40CF4CC96C228667594
securityvulns2prion1packetstorm1wpvulndb1cve1zdt1