WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'adrotate-out.php' SQL Injection (3.6.6)

Description

WordPress Plugin AdRotate-Ad manager & AdSense Ads is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin AdRotate-Ad manager & AdSense Ads version 3.6.6 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.6.8 or latest

References

http://www.securityfocus.com/bid/50674/exploit

http://www.exploit-db.com/exploits/18114/

http://unconciousmind.blogspot.ro/2011/11/wordpress-adrotate-plugin-366-sql.html

http://packetstormsecurity.com/files/106961/wpadrotate366-sql.txt

Related Vulnerabilities

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)

WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)

WordPress Plugin Add Link to Facebook Cross-Site Scripting (2.3)

Oracle JRE CVE-2011-3546 Vulnerability (CVE-2011-3546)

WordPress Plugin BannerMan Cross-Site Scripting (0.2.4)

Severity

High

Classification

CVE-2011-4671 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection