Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2015-2314
Last Modified 27 Mar 2015 10:00:01
Published 17 Mar 2015 11:59:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-2314

Summary

SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.

Vulnerable Systems

Application

  • Wpml 3.1.8


References

BUGTRAQ - 20150312 WPML WordPress plug-in SQL injection etc.

CONFIRM - http://wpml.org/2015/03/wpml-security-update-bug-and-fix/

MISC - http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html

MISC - http://klikki.fi/adv/wpml.html

OSVDB - 119541


Last Updated: 27 May 2016 11:08:08