SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/show/osvdb/107626 - | |
References | () http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html - Exploit | |
References | () http://seclists.org/fulldisclosure/2014/Jun/0 - Exploit | |
References | () http://www.exploit-db.com/exploits/33613 - Exploit | |
References | () http://www.securityfocus.com/bid/67769 - | |
References | () https://wordpress.org/plugins/participants-database/changelog - Patch | |
References | () https://www.yarubo.com/advisories/1 - Exploit, URL Repurposed |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.yarubo.com/advisories/1 - Exploit, URL Repurposed |
Information
Published : 2014-06-04 14:55
Updated : 2024-11-21 02:09
NVD link : CVE-2014-3961
Mitre link : CVE-2014-3961
CVE.ORG link : CVE-2014-3961
JSON object : View
Products Affected
xnau
- participants_database
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')