header-logo
Suggest Exploit
vendor:
Spider Facebook
by:
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Spider Facebook
Affected Version From: 1.0.8
Affected Version To: 1.0.8
Patch Exists: NO
Related CWE:
CPE: a:web-dorado:spider_facebook:1.0.8
Metasploit:
Other Scripts:
Platforms Tested: WordPress

Spider Facebook Plugin for WordPress SQL Injection Vulnerability

Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Update to the latest version of Spider Facebook plugin for WordPress.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/69675/info

Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Spider Facebook 1.0.8 is vulnerable; other versions may also be affected. 

http://www.example.com/wordpress/wp-admin/admin.php?page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1 and 1=2

Navigation

Suggest Exploit

Services By CQR