ThreatPress

WordPress Vulnerabilities Database

Back

WordPress UPM Polls Plugin 1.0.4 - Blind SQL Injection

Product
UPM Pools
Description
UPM Polls plugin is prone to an SQL injection. This vulnerability allows an attacker or any user who can view poll results to use blind SQL injection to extract database data and compromise the whole server.
Solution
Update the plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.4
Fixed In 1.0.5
Disclosure date
2011-12-11
Credits
Saif El-Sherei