Vulnerability Details CVE-2014-3961
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.085
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/show/osvdb/107626
- http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Jun/0
- http://www.exploit-db.com/exploits/33613
- http://www.securityfocus.com/bid/67769
- https://wordpress.org/plugins/participants-database/changelog
- https://www.yarubo.com/advisories/1
- http://osvdb.org/show/osvdb/107626
- http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html
- http://seclists.org/fulldisclosure/2014/Jun/0
- http://www.exploit-db.com/exploits/33613
- http://www.securityfocus.com/bid/67769
- https://wordpress.org/plugins/participants-database/changelog
- https://www.yarubo.com/advisories/1
Products affected by CVE-2014-3961
-
cpe:2.3:a:xnau:participants_database:1.4
-
cpe:2.3:a:xnau:participants_database:1.4.2
-
cpe:2.3:a:xnau:participants_database:1.4.3
-
cpe:2.3:a:xnau:participants_database:1.4.4
-
cpe:2.3:a:xnau:participants_database:1.4.5
-
cpe:2.3:a:xnau:participants_database:1.4.5.1
-
cpe:2.3:a:xnau:participants_database:1.4.5.2
-
cpe:2.3:a:xnau:participants_database:1.4.6
-
cpe:2.3:a:xnau:participants_database:1.4.7
-
cpe:2.3:a:xnau:participants_database:1.4.8
-
cpe:2.3:a:xnau:participants_database:1.4.9
-
cpe:2.3:a:xnau:participants_database:1.4.9.1
-
cpe:2.3:a:xnau:participants_database:1.4.9.2
-
cpe:2.3:a:xnau:participants_database:1.4.9.3
-
cpe:2.3:a:xnau:participants_database:1.5
-
cpe:2.3:a:xnau:participants_database:1.5.1
-
cpe:2.3:a:xnau:participants_database:1.5.2
-
cpe:2.3:a:xnau:participants_database:1.5.3
-
cpe:2.3:a:xnau:participants_database:1.5.4
-
cpe:2.3:a:xnau:participants_database:1.5.4.1
-
cpe:2.3:a:xnau:participants_database:1.5.4.2
-
cpe:2.3:a:xnau:participants_database:1.5.4.3
-
cpe:2.3:a:xnau:participants_database:1.5.4.4
-
cpe:2.3:a:xnau:participants_database:1.5.4.5
-
cpe:2.3:a:xnau:participants_database:1.5.4.6
-
cpe:2.3:a:xnau:participants_database:1.5.4.7
-
cpe:2.3:a:xnau:participants_database:1.5.4.8