SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/533904/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/70918 | Third Party Advisory VDB Entry |
https://wordpress.org/plugins/bulletproof-security/changelog/ | Patch Vendor Advisory |
http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/533904/100/0/threaded | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/70918 | Third Party Advisory VDB Entry |
https://wordpress.org/plugins/bulletproof-security/changelog/ | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:18
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/533904/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/70918 - Third Party Advisory, VDB Entry | |
References | () https://wordpress.org/plugins/bulletproof-security/changelog/ - Patch, Vendor Advisory |
Information
Published : 2014-11-06 15:55
Updated : 2024-11-21 02:18
NVD link : CVE-2014-7959
Mitre link : CVE-2014-7959
CVE.ORG link : CVE-2014-7959
JSON object : View
Products Affected
ait-pro
- bulletproof_security
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')