ThreatPress

WordPress Vulnerabilities Database

WordPress Simple Ads Manager Plugin <= 2.9.4.116 - SQL Injection

Product
Simple Ads Manager
Description
This plugin is prone to an SQL injection vulnerability because the variables $whereClause, $whereClauseT, $whereClauseW and $whereClause2W are not escaped.
Solution
Upgrade the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Packet Storm Security
CVE
Name CVE-N/A
Versions
Affected In <= 2.9.4.116
Fixed In 2.9.5.118
Disclosure date
2016-01-30
Credits
Kacper Szurek
Submitter
ThreatPress