Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5853

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5853
Last Modified 08 Jan 2015 02:04:30
Published 07 Jan 2015 08:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5853

Summary

SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.

Vulnerable Systems

Application

  • Ajax Post Search Project Ajax Post Search 1.2


References

CONFIRM - https://wordpress.org/plugins/cardoza-ajax-search/changelog/

BUGTRAQ - 20121106 Sql injection in AJAX post Search wordpress plugin


Last Updated: 27 May 2016 11:07:28