Lucene search

PRIOn knowledge basePRION:CVE-2015-4018

HistoryMay 21, 2015 - 8:59 p.m.

Sql injection

2015-05-2120:59:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.5%

JSON

SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.

CPENameOperatorVersion
feedwordpressle2014.0805

CPE	Name	Operator	Version
	feedwordpress	le	2014.0805

References

packetstormsecurity.com/files/131974/WordPress-FeedWordPress-2015.0426-SQL-Injection.html

seclists.org/fulldisclosure/2015/May/75

wordpress.org/plugins/feedwordpress/changelog/

www.exploit-db.com/exploits/37067/

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for PRION:CVE-2015-4018