Vulners
Lucene search
WordPress Support Ticket System 1.2 SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | WordPress Support Ticket System SQL Injection Vulnerability | 10 Oct 201700:00 | – | cnvd |
 | CVE-2015-7670 | 26 Sep 201715:00 | – | cve |
 | CVE-2015-7670 | 26 Sep 201715:00 | – | cvelist |
 | EUVD-2015-7573 | 7 Oct 202500:30 | – | euvd |
 | CVE-2015-7670 | 26 Sep 201715:29 | – | nvd |
 | WordPress Support Ticket System Plugin <= 1.2 - SQL Injection | 6 Oct 201500:00 | – | patchstack |
 | Sql injection | 26 Sep 201715:29 | – | prion |
 | [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin | 26 Oct 201500:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 26 Oct 201500:00 | – | securityvulns |
 | Support Ticket System <= 1.2 - Unauthenticated SQL Injection | 6 Oct 201500:00 | – | wpvulndb |
10
Vulnerability title: SQL Injection in Support Ticket System 1.2 WordPress plugin
CVE: CVE-2015-7670
Vendor: Tim Dahlmanns
Product: Support Ticket System
Affected version: 1.2
Fixed version: 1.2.1
Reported by: Ibéria Medeiros
Vulnerability Details:
=====================
It was discovered that no protection against SQL injection attack was implemented, resulting in an attacker being able to retrieve users and ticket data from database; and insert data about users and tickets in the database; then using these data in future attacks.
The Support Ticket System 1.2 WordPress plugin is vulnerable to 5 SQLI injection (SQLI) vulnerabilities.
The includes/update.php file is vulnerable to SQLI attacks via $user and $id parameters.
System affected:
===============
Any system that access to a web site developed by WordPress CMS version 4.3.1 or earier and uses the Support Ticket System v.1.2 or early.
Advisory:
========
https://wordpress.org/plugins/simple-support-ticket-system/changelog/
Solution:
========
Update to Support Ticket System v.1.2.1 plugin
https://wordpress.org/plugins/simple-support-ticket-system/
Disclosure Timeline:
===================
Vendor notification: September 29, 2015
Vendor fixed vulnerability: October 6, 2015
Public advisory: October 6, 2015
Public disclosure: October 6, 2015
# 0day.today [2018-04-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Oct 2015 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.00659