Vulnerability Details CVE-2014-8810
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.7%
CVSS Severity
CVSS v2 Score 6.5
References
- http://secunia.com/advisories/62643
- http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html
- http://www.exploit-db.com/exploits/35505
- http://www.wpsymposium.com/2014/11/release-information-for-v14-11/
- http://secunia.com/advisories/62643
- http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html
- http://www.exploit-db.com/exploits/35505
- http://www.wpsymposium.com/2014/11/release-information-for-v14-11/
Products affected by CVE-2014-8810
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.23
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.24
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.25
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.26
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.26.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.27
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.27.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.28
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.29
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.29.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.29.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.29.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.29.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.30
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.30.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.31
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.32
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.33.5
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.34
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.34.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.1.34.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.35
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.36
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.36.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.37
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.37.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.38
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.38.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.38.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.39
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.39.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.40
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.41
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.42
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.43
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.44
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.45
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.46
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.46.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.47.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.47.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.48
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.48.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.48.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.5
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.6
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.7
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.8
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.49.9
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.50
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.51
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.51.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.51.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.52
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.52.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.52.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.52.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.52.5
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.10
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.5
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.6
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.7
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.8
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.53.9
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.54
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.54.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.55
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.55.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.56
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.56.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.56.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.56.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.57
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.57.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.57.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.58
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.58.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.5
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.59.6
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.60
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.61
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.61.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.62
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.62.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.62.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.63
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.63.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.63.2
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.63.2.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.63.3
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:0.64
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.10.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.10.15
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.10.22
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.10.29
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.10.8
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.11.05
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.11.12
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.11.19
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.11.19.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.11.26
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.12.03
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.12.08
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.12.24
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.8.18
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.8.19
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.8.19.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.8.21
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.8.27
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.10
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.13
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.14
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.17
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.24
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:11.9.4
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.01.07
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.01.14
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.01.21
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.01.28
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.02.04
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.02.11
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.02.18
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.02.25
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.02.26
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.03.03
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.03.05
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.03.10
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.04.21
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.04.24
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.04.25
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.04.28
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.04.30
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.05.05
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.05.13
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.05.14
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.05.19
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.05.26
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.06.02
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.06.16
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.06.23
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.06.23.1
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.06.30
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.07.01
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.07.02
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.07.07
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.07.14
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.09
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.10
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.11
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:12.12
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.02
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.04
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.05
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.07
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.08
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.08.01
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.10
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:13.12
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.02
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.03
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.04
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.05
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.05.01
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.05.02
-
cpe:2.3:a:wpsymposiumpro:wp_symposium:14.10