vendor:
A to Z Category Listing
by:
Miroslav Stampar
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: A to Z Category Listing
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:a_to_z_category_listing
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
WordPress A to Z Category Listing plugin <= 1.3 SQL Injection Vulnerability
A SQL injection vulnerability exists in WordPress A to Z Category Listing plugin version 1.3 and earlier. The vulnerability is due to insufficient sanitization of user-supplied input in the 'R' parameter of the 'post_retrive_ajax.php' script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in SQL queries.