PT-2019-7455 · Freshmail · Email-Newsletter Plugin

Published

2019-10-22

Updated

2019-10-24

CVE-2015-9496

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions freshmail-newsletter plugin versions prior to 1.6

Description The issue concerns a SQL Injection vulnerability via the FM form id= substring in the shortcode.php file. This allows for potential exploitation.

Recommendations For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the shortcode.php file until the update is applied.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2015-9496

Affected Products

Email-Newsletter Plugin

PT-2019-7455 · Freshmail · Email-Newsletter Plugin

CVE-2015-9496

Weakness Enumeration

Related Identifiers

Affected Products

References · 5