CVE-2009-4748

Sažetak

SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

Reference

http://packetstormsecurity.org/0907-exploits/wpmco-sql.txt
http://www.exploit-db.com/exploits/9150
http://www.securityfocus.com/bid/35704
https://exchange.xforce.ibmcloud.com/vulnerabilities/51727

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-09-2017 - 01:30

Objavljeno

26-03-2010 - 20:30