Vulnerability Details CVE-2015-7670
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/536624/100/0/threaded
- https://wordpress.org/plugins/simple-support-ticket-system/#developers
- https://wpvulndb.com/vulnerabilities/8207
- http://www.securityfocus.com/archive/1/536624/100/0/threaded
- https://wordpress.org/plugins/simple-support-ticket-system/#developers
- https://wpvulndb.com/vulnerabilities/8207
Products affected by CVE-2015-7670
-
cpe:2.3:a:support_ticket_system_project:support_ticket_system:1.0
-
cpe:2.3:a:support_ticket_system_project:support_ticket_system:1.0.1
-
cpe:2.3:a:support_ticket_system_project:support_ticket_system:1.1
-
cpe:2.3:a:support_ticket_system_project:support_ticket_system:1.2