ThreatPress

WordPress Vulnerabilities Database

WordPress WP Download Plugin <= 1.2 - SQL Injection

Product
WP Download
Description
A SQL injection vulnerability in wp-download.php allows attackers to execute arbitrary SQL commands via the "dl_id" parameter.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
CVE Mitre
CVE
Name: CVE-2008-1646
Versions
Affected In: <= 1.2
Fixed In: 1.3
Disclosure date
2008-04-02
Credits
BL4CK