vendor:
GigPress
by:
Adrián M. F.
7.5
CVSS
HIGH
Authenticated SQLi
89
CWE
Product Name: GigPress
Affected Version From: 2.3.2008
Affected Version To: 2.3.2008
Patch Exists: YES
Related CWE: CVE-2015-4066
CPE: a:wordpress:gigpress
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015
SQLi vulnerabilities in WordPress plugin “GigPress”
An authenticated SQL injection vulnerability exists in the WordPress plugin "GigPress" due to insufficient sanitization of user-supplied input in the "show_artist_id" parameter of the "admin/handlers.php" script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's back-end database.
Mitigation:
Upgrade to version 2.3.9 or later of the WordPress plugin "GigPress".