WordPress UPM Polls Plugin 'qid' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

This host is running WordPress UPM Polls Plugin and is prone to SQL injection vulnerability.

Impact

Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information. Impact Level: Application

Solution

Upgrade to UPM Polls Wordpress plugin version 1.0.4 or later For updates refer to http://wordpress.org/extend/plugins/upm-polls/

Insight

The flaw is caused by improper validation of user-supplied input passed via the 'qid' parameter to '/wp-content/plugins/upm-polls/includes/poll_logs.php' allows attacker to manipulate SQL queries by injecting arbitrary SQL code.

Affected

WordPress UPM Polls Plugin version 1.0.3 and prior.

References

http://osvdb.org/show/osvdb/74377
http://packetstormsecurity.org/files/view/103755
http://secunia.com/advisories/45535
http://www.exploit-db.com/exploits/17627

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability

Take action and discover your vulnerabilities