ThreatPress

WordPress Vulnerabilities Database

WordPress CDNVOTE Plugin <= 0.4.1 - Multiple SQL Injection

Product
CDNVOTE
Description
Vulnerabilities in cdnvote-post.php allow attackers to execute arbitrary SQL commands via the "cdnvote_point" or "cdnvote_post_id" parameter.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
CVE Mitre
CVE
Name CVE-2011-5308
Versions
Affected In <= 0.4.1
Fixed In 0.4.2
Disclosure date
2015-01-01
Credits
High-Tech Bridge SA