Wordpress Google Document Embedder SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Google Document Embedder and is prone to sql injection vulnerability.

Impact

Successful exploitation will allow attacker to manipulate SQL queries in the backend database, and disclose certain sensitive information. Impact Level: Application

Solution

Upgrade to version 2.5.15 or later, For updates refer http://wordpress.org/extend/plugins/google-document-embedder

Insight

Flaw is due to the /google-document-embedder /view.php script not properly sanitizing user-supplied input via the 'gpid' GET parameter.

Affected

WordPress Google Doc Embedder Plugin version 2.5.14, prior may also be affected.

Detection

Send a crafted request via HTTP GET and check whether it is able to execute sql query or not.

References

http://1337day.com/exploit/22921
http://osvdb.org/115044
http://www.exploit-db.com/exploits/35371
http://xforce.iss.net/xforce/xfdb/98944
https://wpvulndb.com/vulnerabilities/7690

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admbook PHP Code Injection Flaw
AVTECH DVR Multiple Vulnerabilities
Alchemy Eye HTTP Command Execution
b2ePMS Multiple SQL Injection Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities

Take action and discover your vulnerabilities