WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
BID:58201
Info
WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
| Bugtraq ID: | 58201 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 21 2013 12:00AM |
| Updated: | Feb 21 2013 12:00AM |
| Credit: | ebanyu |
| Vulnerable: |
WordPress Comment Rating 2.9.32 |
| Not Vulnerable: | |
Discussion
WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
The Comment Rating plugin for WordPress is prone to an SQL-injection vulnerability and a security-bypass vulnerability.
Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Comment Rating 2.9.32 is vulnerable; other versions may also be affected.
The Comment Rating plugin for WordPress is prone to an SQL-injection vulnerability and a security-bypass vulnerability.
Exploiting these issues could allow an attacker to bypass certain security restrictions and perform unauthorized actions, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Comment Rating 2.9.32 is vulnerable; other versions may also be affected.
Exploit / POC
WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
An attacker can exploit this issue using a browser.
The following exploit code and example URI are available:
http://www.example.com/wordpress/wp-content/plugins/comment-rating/ck-processkarma.php
An attacker can exploit this issue using a browser.
The following exploit code and example URI are available:
http://www.example.com/wordpress/wp-content/plugins/comment-rating/ck-processkarma.php
Solution / Fix
WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
WordPress Comment Rating Plugin SQL Injection and Security Bypass Vulnerabilities
References:
References:
- Comment Rating Homepage (Bob King)
- WordPress Homepage (WordPress)