Description

Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-6643

Related Vulnerabilities

WordPress Plugin Visualizer:Tables and Charts Manager for WordPress PHAR Deserialization (3.7.9)

ownCloud Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-35947)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6885)

Atlassian Jira Other Vulnerability (CVE-2019-20101)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Directory Traversal (6.45)

Severity

High

Classification

CVE-2012-6643 CWE-138

Tags

Missing Update Known Vulnerabilities