Summary
This host is installed with the WordPress Spreadsheet plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates, refer to http://timrohrer.com/blog/?page_id=71
Insight
Input passed via the 'ss_id' parameter to the wpSS/ss_handler.php script is not validated before being returned to users.
Affected
WordPress Spreadsheet plugin version 0.62
Detection
Send crafted data via an HTTP GET request and check whether it is able to read the cookie or not.
Severity
Classification
CVE: CVE-2014-8363, CVE-2014-8364
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P