Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4671
Last Modified 12 Dec 2011 11:09:34
Published 02 Dec 2011 01:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4671

Summary

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Vulnerable Systems

Application

  • Adrotateplugin Adrotate 0.1

  • Adrotateplugin Adrotate 0.2

  • Adrotateplugin Adrotate 0.3

  • Adrotateplugin Adrotate 0.4

  • Adrotateplugin Adrotate 0.5

  • Adrotateplugin Adrotate 0.6

  • Adrotateplugin Adrotate 0.7

  • Adrotateplugin Adrotate 0.7.1

  • Adrotateplugin Adrotate 0.8

  • Adrotateplugin Adrotate 1.0

  • Adrotateplugin Adrotate 2.0

  • Adrotateplugin Adrotate 2.0.1

  • Adrotateplugin Adrotate 2.1

  • Adrotateplugin Adrotate 2.2

  • Adrotateplugin Adrotate 2.3

  • Adrotateplugin Adrotate 2.3.1

  • Adrotateplugin Adrotate 2.4

  • Adrotateplugin Adrotate 2.4.1

  • Adrotateplugin Adrotate 2.4.2

  • Adrotateplugin Adrotate 2.4.3

  • Adrotateplugin Adrotate 2.4.4

  • Adrotateplugin Adrotate 2.5

  • Adrotateplugin Adrotate 2.5.1

  • Adrotateplugin Adrotate 2.6

  • Adrotateplugin Adrotate 2.6.1

  • Adrotateplugin Adrotate 3.0

  • Adrotateplugin Adrotate 3.0.1

  • Adrotateplugin Adrotate 3.0.2

  • Adrotateplugin Adrotate 3.0.3

  • Adrotateplugin Adrotate 3.1

  • Adrotateplugin Adrotate 3.1.1

  • Adrotateplugin Adrotate 3.2

  • Adrotateplugin Adrotate 3.2.1

  • Adrotateplugin Adrotate 3.2.2

  • Adrotateplugin Adrotate 3.3

  • Adrotateplugin Adrotate 3.3.1

  • Adrotateplugin Adrotate 3.4

  • Adrotateplugin Adrotate 3.5

  • Adrotateplugin Adrotate 3.5.1

  • Adrotateplugin Adrotate 3.6

  • Adrotateplugin Adrotate 3.6.1

  • Adrotateplugin Adrotate 3.6.2

  • Adrotateplugin Adrotate 3.6.3

  • Adrotateplugin Adrotate 3.6.4

  • Adrotateplugin Adrotate 3.6.5

  • Adrotateplugin Adrotate 3.6.6

  • Adrotateplugin Adrotate 3.6.7


References

CONFIRM - http://downloads.wordpress.org/plugin/adrotate.3.6.8.zip

EXPLOIT-DB - 18114

MISC - http://unconciousmind.blogspot.com/2011/11/wordpress-adrotate-plugin-366-sql.html

SECUNIA - 46814

BID - 50674


Last Updated: 27 May 2016 10:57:52