WordPress ProPlayer Plugin 'playlist-controller.php' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

The ProPlayer plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. ProPlayer 4.7.7 is vulnerable other versions may also be affected.

References

http://wordpress.org/
http://www.exploit-db.com/exploits/17616/
http://www.securityfocus.com/bid/49046

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Athena Web Registration remote command execution flaw
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
AVTECH DVR Multiple Vulnerabilities

Take action and discover your vulnerabilities