PT-2017-10999 · WordPress · Membership Simplified

Larry W. Cashdollar

Published

2017-09-14

Updated

2017-09-21

CVE-2017-1002010

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Membership Simplified version 1.58

Description The issue concerns a blind SQL injection vulnerability in the Membership Simplified plugin for WordPress. Specifically, the code in the updateDB.php file is vulnerable because it fails to sanitize user input via the recordId variable in the delete media function.

Recommendations For Membership Simplified version 1.58, consider disabling the delete media function in the updateDB.php file until a patch is available to prevent potential exploitation. Restrict access to the updateDB.php file to minimize the risk of blind SQL injection attacks. Avoid using the recordId variable in the affected function until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-1002010

Affected Products

Membership Simplified

PT-2017-10999 · WordPress · Membership Simplified

CVE-2017-1002010

Weakness Enumeration

Related Identifiers

Affected Products

References · 4