7 matches found
WordPress NewStatPress Plugin 0.9.8 xss+sql注入
主题地址:https://wordpress.org/plugins/newstatpress/影响版本:0.9.8Active installs: 20,000+CVE: CVE-2015-4062, CVE-2015-40631)sql注入 CWE-89 CVE-2015-4062 CODE:includes/nspsearch.php:94for$i=1;$i=3;$i++ if$GET"what$i" != '' && $GET"where$i" != '' $where.=" AND ".$GET"where$i"." LIKE '%".$GET"what$i"."%'";...
CVE-2015-4062
SQL injection vulnerability in includes/nspsearch.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php...
CVE-2015-4062
CVE-2015-4062 affects WordPress plugin NewStatPress 0.9.8. The vulnerability is an SQL injection in includes/nsp_search.php that allows a remote authenticated user to execute arbitrary SQL via the where1 parameter on the nsp_search page (wp-admin/admin.php). The issue is demonstrated in multiple ...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection Vulnerabilities
WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version:...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection
Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...