Description

SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

Remediation

References

CVE-2008-4625

Related Vulnerabilities

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)

WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7986)

Severity

High

Classification

CVE-2008-4625 CWE-138

Tags

Missing Update Known Vulnerabilities