6
CVE-2011-4646
- EPSS 1.63%
- Veröffentlicht 30.11.2011 19:55:00
- Zuletzt bearbeitet 16.06.2026 23:35:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP-PostRatings <= 1.61 - SQL Injection
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
Mögliche Gegenmaßnahme
WP-PostRatings: Update to version 1.62, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lesterchan ≫ Wp-postratings Version1.50
Lesterchan ≫ Wp-postratings Version1.61
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP-PostRatings
Version
*-1.61
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.63% | 0.731 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php
http://secunia.com/advisories/46328
http://wordpress.org/extend/plugins/wp-postratings/changelog/
http://www.securityfocus.com/bid/49986
https://www.wordfence.com/threat-intel/vulnerabilities/id/2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04