Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2011-4646
Last Modified: 01 Dec 2011 12:00:00
Published: 30 Nov 2011 02:55:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-4646

Summary

SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third-party information.

Vulnerable Systems

Application

  • Lesterchan Wp-postratings 1.50

  • Lesterchan Wp-postratings 1.61


References

CONFIRM - http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php

BID - 49986

CONFIRM - http://wordpress.org/extend/plugins/wp-postratings/changelog/

SECUNIA - 46328


Last Updated: 27 May 2016 10:57:49