Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
BID:40098
Info
Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
| Bugtraq ID: | 40098 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2010 12:00AM |
| Updated: | May 11 2010 12:00AM |
| Credit: | Danilo Massa |
| Vulnerable: |
WordPress Events Manager 2.1 WordPress Events Manager 2.0rc2 |
| Not Vulnerable: | |
Discussion
Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
The Events Manager plugin for Wordpress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Events Manager versions 2.1 and prior are affected.
The Events Manager plugin for Wordpress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Events Manager versions 2.1 and prior are affected.
Exploit / POC
Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Wordpress Events Manager Plugin 'events-manager.php' SQL Injection Vulnerability
References:
References:
- Events Manager Changelog (WordPress)
- Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability (Sammy Forgit)