Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-1854
Last Modified 07 Mar 2014 03:42:45
Published 27 Feb 2014 10:55:15
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1854

Summary

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

Vulnerable Systems

Application

  • Adrotateplugin Adrotate 3.9

  • Adrotateplugin Adrotate 3.9.1

  • Adrotateplugin Adrotate 3.9.2

  • Adrotateplugin Adrotate 3.9.3

  • Adrotateplugin Adrotate 3.9.4

  • Adrotateplugin Adrotate 3.9.5


References

MISC - https://www.htbridge.com/advisory/HTB23201

XF - adrotate-track-sql-injection(91253)

BID - 65709

BUGTRAQ - 20140220 SQL Injection in AdRotate

EXPLOIT-DB - 31834

CONFIRM - http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5

SECUNIA - 57079


Last Updated: 27 May 2016 10:56:46