oss-sec mailing list archives
CVE request: WordPress plugin sp-client-document-manager Blind SQL Injection
From: Henri Salo <henri () nerv fi>
Date: Thu, 16 Jul 2015 15:02:45 +0300
Can I get CVE identifier for WordPress plugin sp-client-document-manager Blind SQL Injection vulnerability, thanks?

URL: https://wordpress.org/plugins/sp-client-document-manager/
Affected: 2.5.3 and previous version
Fixed in: 2.5.4
PoC: /wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=[SQLi]

Changelog says for 2.5.4: "Fixed exploit in ajax (credit: rh3792 () naver com)"

More information: https://www.exploit-db.com/exploits/36576/

Please note that changelog also says: "2.5.7.3: Security fix, please update", but I do not yet have more information about that issue.

--
Henri Salo
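A defensive check built from the PoC path in the message above, added here as an example and not part of the original post: it scans web server access logs for requests to the plugin's ajax.php thumbnails handler whose pid is not a plain decimal integer. The combined log format, the assumption that a legitimate pid is numeric, and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix and function name taken from the PoC line in the report.
AJAX_SUFFIX = "/wp-content/plugins/sp-client-document-manager/ajax.php"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_pid(uri):
    """Return the offending pid value if the URI hits the thumbnails handler
    with a pid that is not a plain decimal integer, otherwise None."""
    parts = urlsplit(uri)
    if not parts.path.endswith(AJAX_SUFFIX):
        return None
    # parse_qs percent-decodes values; keep_blank_values keeps an empty "pid=".
    params = parse_qs(parts.query, keep_blank_values=True)
    if "thumbnails" not in params.get("function", []):
        return None
    for value in params.get("pid", []):
        # Assumption: a legitimate pid is a numeric id.
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, pid_value) for each flagged log line."""
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_pid(match.group(1))
        if bad is not None:
            yield line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation IP ranges, not real traffic).
_BASE = "/wordpress/wp-content/plugins/sp-client-document-manager/ajax.php"
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2015:12:00:01 +0300] "GET ' + _BASE
    + '?function=thumbnails&pid=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jul/2015:12:00:05 +0300] "GET ' + _BASE
    + '?function=thumbnails&pid=%5BSQLi%5D HTTP/1.1" 200 512',
    '203.0.113.4 - - [16/Jul/2015:12:00:09 +0300] "GET /wordpress/index.php?pid=abc HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, pid in scan(SAMPLE_LOG):
        print(f"non-numeric pid from {ip}: {pid!r}")
```

Access logs only record the query string, so a pid sent in a POST body would not be seen by this check.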