PT-2017-17168 · WordPress · Mail Masta

Hamkovic

Published

2017-03-09

Updated

2019-03-19

CVE-2017-6575

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mail Masta plugin version 1.0

Description A SQL injection issue is present, which can be exploited with WordPress admin access. This issue affects the ./inc/lists/edit member.php file, specifically with the member id GET parameter.

Recommendations For Mail Masta plugin version 1.0, consider restricting access to the ./inc/lists/edit member.php file or avoiding the use of the member id parameter until a fix is available. As a temporary workaround, disabling the edit member.php functionality could help minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-6575

Affected Products

Mail Masta

PT-2017-17168 · WordPress · Mail Masta

CVE-2017-6575

Weakness Enumeration

Related Identifiers

Affected Products

References · 4