ThreatPress

WordPress Vulnerabilities Database

WordPress NOSpamPTI Plugin - Blind SQL Injection

Product
NOSpamPTI
Description
The NOSpamPTI plugin is prone to a blind SQL injection vulnerability because the wp-comments-post.php script does not properly sanitize the comment_post_ID parameter in POST data. The issue allows an attacker to manipulate SQL queries in the back-end database, resulting in manipulation or disclosure of arbitrary data.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Exploit-DB
CVE
Name: CVE-2013-5917
Versions
Affected In: <= 2.1
Fixed In: 2.2
Disclosure date
2013-09-23
Credits
Alexandro Silva