WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

IT Swift - Know IT News Swiftly


Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.2

Tested Version: v1.6.2

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]



Advisory Details:

(1) Vendor & Product Description:

Vendor:

WooThemes

Product & Version:

WordPress Daily Edition Theme

v1.6.2

Vendor URL & Download:

WordPress Daily Edition Theme can be obtained here:

http://www.woothemes.com/products/daily-edition/

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home…
