CVE-2014-1854CVE-2014-1854

Affected configuration(s):

cpe:/a:adrotateplugin:adrotate:3.9.::~free~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.::~pro~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.1::~free~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.1::~pro~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.2::~free~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.2::~pro~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.3::~free~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.3::~pro~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.4::~free~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.4::~pro~wordpress~~~
cpe:/a:adrotateplugin:adrotate:3.9.5::~pro~wordpress~~~

Date published: 2014-02-27T10:55:15.623-05:00

Date last modified: 2017-08-28T21:34:27.763-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5

Summary: SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.