Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5350

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2012-5350
Last Modified 10 Oct 2012 12:00:00
Published 09 Oct 2012 11:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-5350

Summary

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

Vulnerable Systems

Application

  • Wordpress Pay-with-tweet 1.1


References

XF - paywithtweet-postpage-sql-injection(72165)

BID - 51308

OSVDB - 78204

EXPLOIT-DB - 18330

CONFIRM - http://wordpress.org/extend/plugins/pay-with-tweet/changelog/

SECUNIA - 47475


Last Updated: 27 May 2016 11:00:56