Summary
This host is running WordPress UPM Polls Plugin and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow attacker to cause SQL Injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to UPM Polls Wordpress plugin version 1.0.4 or later For updates refer to http://wordpress.org/extend/plugins/upm-polls/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'qid' parameter to '/wp-content/plugins/upm-polls/includes/poll_logs.php' allows attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WordPress UPM Polls Plugin version 1.0.3 and prior.
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability