mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
1020 B
1020 B
CVE-2014-9097
Description
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.
POC
Reference
Github
No PoCs found on GitHub currently.