PT-2011-5018 · WordPress · Adrotate
Miroslav Stampar
·
Published
2011-12-02
·
Updated
2011-12-13
·
CVE-2011-4671
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
AdRotate plugin versions 3.6.6 through 3.6.7
Description
The issue allows remote attackers to execute arbitrary SQL commands via the
track parameter, also known as the redirect URL, in the adrotate/adrotate-out.php file.Recommendations
For AdRotate plugin versions 3.6.6 through 3.6.7, update to version 3.6.8 or later to resolve the issue.
Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Adrotate