Description

Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-6643

Related Vulnerabilities

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385)

WordPress Plugin Contact Form Submissions Unspecified Vulnerability (1.6.3)

WordPress Plugin WP Google Maps Cross-Site Scripting (7.10.41)

WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708)

Severity

High

Classification

CVE-2012-6643 CWE-138

Tags

Missing Update Known Vulnerabilities