WordPress Comment Rating 'id' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Comment Rating plugin and is prone to SQL injection vulnerability.

Impact

Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to Comment Rating Wordpress plugin version 2.9.24 or later For updates refer to http://wordpress.org/extend/plugins/comment-rating/

Insight

The flaws are caused by improper validation of user-supplied input via the 'id' parameter to '/wp-content/plugins/comment-rating/ck-processkarma.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.

Affected

Wordpress Comment Rating plugin version 2.9.23

References

http://packetstormsecurity.org/files/view/98660
http://www.exploit-db.com/exploits/16221/
http://www.htbridge.ch/advisory/sql_injection_in_comment_rating_wordpress_plugin.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability

Take action and discover your vulnerabilities