CVE-2014-3961CVE-2014-3961

Affected configuration(s):

cpe:/a:xnau:participants_database:1.5.4::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.1::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.2::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.3::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.4::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.5::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.6::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.7::~~~wordpress~~
cpe:/a:xnau:participants_database:1.5.4.8::~~~wordpress~~

Date published: 2014-06-04T10:55:07.047-04:00

Date last modified: 2014-06-05T10:48:59.443-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html

Summary: SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an “output CSV” action to pdb-signup/.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *