Summary
This host is running WordPress with multiple plugins and is prone to SQL injection vulnerabilities.
Impact
Successful exploitation could allow remote attackers to conduct SQL injection attacks.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Refer to the references for information about the vulnerability.
Affected
WordPress Yolink Search version 1.1.4
WordPress Crawl Rate Tracker Plugin version 2.0.2
References
- http://packetstormsecurity.org/files/view/104608/wpcrawlratetracker-sql.txt
- http://packetstormsecurity.org/files/view/104610/wpyolink-sql.txt
- http://secunia.com/advisories/45801
- http://www.exploit-db.com/exploits/17755/
- http://www.exploit-db.com/exploits/17757/
- http://xforce.iss.net/xforce/xfdb/69504
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P