WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

IT Swift - Know IT News Swiftly

Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.2

Tested Version: v1.6.2

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]



Advisory Details:

(1) Vendor & Product Description:

Vendor:

WooThemes

Product & Version:

WordPress Daily Edition Theme

v1.6.2

Vendor URL & Download:

WordPress Daily Edition Theme can be obtained here:

http://www.woothemes.com/products/daily-edition/

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home…
