2017-10-16 12:31:07 -04:00
{
2019-03-18 06:02:45 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org" ,
"ID" : "CVE-2014-1854" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a" ,
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
} ,
"vendor_name" : "n/a"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2017-10-16 12:31:07 -04:00
{
2019-03-18 06:02:45 +00:00
"lang" : "eng" ,
"value" : "SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter."
2017-10-16 12:31:07 -04:00
}
2019-03-18 06:02:45 +00:00
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "n/a"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "adrotate-track-sql-injection(91253)" ,
"refsource" : "XF" ,
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91253"
} ,
{
"name" : "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5" ,
"refsource" : "CONFIRM" ,
"url" : "http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5"
} ,
{
"name" : "20140220 SQL Injection in AdRotate" ,
"refsource" : "BUGTRAQ" ,
"url" : "http://www.securityfocus.com/archive/1/531176/100/0/threaded"
} ,
{
"name" : "https://www.htbridge.com/advisory/HTB23201" ,
"refsource" : "MISC" ,
"url" : "https://www.htbridge.com/advisory/HTB23201"
} ,
{
"name" : "65709" ,
"refsource" : "BID" ,
"url" : "http://www.securityfocus.com/bid/65709"
} ,
{
"name" : "31834" ,
"refsource" : "EXPLOIT-DB" ,
"url" : "http://www.exploit-db.com/exploits/31834"
} ,
{
"name" : "57079" ,
"refsource" : "SECUNIA" ,
"url" : "http://secunia.com/advisories/57079"
}
]
}
}
