ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Participants Database Plugin 1.5.4.8 - SQL Injection

Product
Participants Database
Description
SQL Injection in Participants Database plugin allows an unauthenticated user to execute arbitrary SQL statements.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-2014-3961
Versions
Affected In <= 1.5.4.8
Fixed In 1.5.4.9
Disclosure date
2014-06-02
Credits
Yarubo Research Team