6 matches found
EUVD-2013-5511
Malware in sbrugna...
WordPress Testimonial plugin <= 2.3 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by ch4r0n in WordPress Plugin IndiaNIC Testimonial versions = 2.3...
Sql injection
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the customquery parameter in a testimonialadd action to wp-admin/admin-ajax.php...
CVE-2013-5673
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the customquery parameter in a testimonialadd action to wp-admin/admin-ajax.php...
CVE-2013-5672
Multiple cross-site request forgery CSRF vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add a testimonial via an iNICtestimonialsave action; 2 add a listing template via an...
CVE-2013-5673
CVE-2013-5673 concerns the WordPress plugin IndiaNIC Testimonial 2.2 , specifically a SQL injection in the file testimonial.php. The vulnerability allows remote attackers to craft a request through the testimonial_add action to wp-admin/admin-ajax.php, abusing the custom_query parameter to execut...