ThreatPress

WordPress Vulnerabilities Database

WordPress Symposium Plugin <= 15.7 - SQL Injection

Product: Symposium

Description: This vulnerability allows an attacker to execute arbitrary SQL commands via the "size" parameter to get_album_item.php.

Solution: Update the plugin.

Classification
Type: SQL Injection
OWASP Top 10: A1: Injection

References
CVE Mitre

CVE
Name: CVE-2015-6522

Versions
Affected In: <= 15.7
Fixed In: 15.8

Disclosure date: 2015-08-19