PT-2013-5868 · Automattic+1 · Wordpress+1
Published 2013-09-23 · Updated 2013-09-23
CVE-2013-5917
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
NOSpam PTI plugin version 2.1 for WordPress
Description
The issue allows remote attackers to execute arbitrary SQL commands via the comment post ID parameter in the wp-comments-post.php file.
Recommendations
For NOSpam PTI plugin version 2.1, update the plugin to a version that fixes this issue, ensuring the comment post ID parameter is properly sanitized to prevent SQL injection attacks.
Exploit
Fix
RCE
SQL injection
Affected Products
Nospam Pti Plugin
Wordpress