Detections
Analytics
Participants Database Plugin for WordPress < 1.5.4.9 'query' Parameter SQL Injection
high Nessus Plugin ID 76071
Language:
Synopsis
The remote web server hosts a PHP script that is affected by a SQL injection vulnerability.Description
The Participants Database Plugin for WordPress installed on the remote host is prior to version 1.5.4.9. It is, therefore, affected by a SQL injection vulnerability due to failure to properly sanitize user-supplied input to the 'query' parameter in the 'pdb-signup' script. A remote, unauthenticated attacker could leverage this issue to execute arbitrary SQL statements against the backend database, leading to manipulation of data or the disclosure of arbitrary data.The application is reportedly also affected by an unspecified flaw in which insufficient privilege checks allows an unauthenticated user to execute actions reserved for administrative users when shortcodes are used.
Solution
Upgrade to version 1.5.4.9 or later.See Also
https://seclists.org/fulldisclosure/2014/Jun/0
https://wordpress.org/plugins/participants-database/#changelog
Plugin Details
Severity: High
ID: 76071
File Name: wordpress_participants_database_1_5_4_9_sqli.nasl
Version: 1.8
Type: remote
Family: CGI abuses
Published: 6/16/2014
Updated: 6/5/2024
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:wordpress:wordpress, cpe:/a:xnau:participants_databas3
Required KB Items: installed_sw/WordPress, www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Patch Publication Date: 5/31/2014
Vulnerability Publication Date: 6/1/2014
Reference Information
CVE: CVE-2014-3961
BID: 67769