Summary
This host is installed with WordPress Media Library Categories plugin and is prone to sql injection vulnerability.
Impact
Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to WordPress Media Library Categories plugin version 1.0.7 or later For updates refer to http://wordpress.org/extend/plugins/media-library-categories/
Insight
The flaw is due to improper validation of user-supplied input passed via the 'termid' parameter to '/wp-content/plugins/media-library-categories /sort.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WordPress Media Library Categories plugin version 1.0.6 and prior.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- AdPeeps 'index.php' Multiple Vulnerabilities.
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- b2Evolution title SQL Injection
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Advanced Guestbook Index.PHP SQL Injection Vulnerability