header-logo
Suggest Exploit
vendor:
PHPWordPress
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPWordPress
Affected Version From: Up to and including version 3.0
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple SQL Injection Vulnerabilities in PHPWordPress

PHPWordPress is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize and validate user-supplied input before using it in an SQL query. Additionally, the latest version of PHPWordPress should be used to ensure that any security patches or updates are applied.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15582/info

PHPWordPress is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

PHPWordPress versions up to and including 3.0 are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/index.php?poll=[SQL]
http://www.example.com/index.php?category=[SQL]
http://www.example.com/?archive&ctg=[SQL]