7.5
CVE-2011-4803
- EPSS 0.78%
- Published 14.12.2011 00:55:04
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
WPtouch <= 1.9.8 - SQL Injection
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Possible mitigation
WPtouch – Make your WordPress Website Mobile-Friendly: Update to version 1.9.8.1, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: WPtouch – Make your WordPress Website Mobile-Friendly
Version: [*, 1.9.8.1)
Data provided by the National Vulnerability Database (NVD)
Bravenewcode ≫ Wptouch Version 1.0
Bravenewcode ≫ Wptouch Version 1.1
Bravenewcode ≫ Wptouch Version 1.2
Bravenewcode ≫ Wptouch Version 1.3.5
Bravenewcode ≫ Wptouch Version 1.4
Bravenewcode ≫ Wptouch Version 1.5
Bravenewcode ≫ Wptouch Version 1.6
Bravenewcode ≫ Wptouch Version 1.7.5
Bravenewcode ≫ Wptouch Version 1.8.9.1
Bravenewcode ≫ Wptouch Version 1.8.9.3
Bravenewcode ≫ Wptouch Version 1.9
Bravenewcode ≫ Wptouch Version 1.9.1
Bravenewcode ≫ Wptouch Version 1.9.5
Bravenewcode ≫ Wptouch Version 1.9.6
Bravenewcode ≫ Wptouch Version 1.9.7.6
Bravenewcode ≫ Wptouch Version 1.9.7.7
Bravenewcode ≫ Wptouch Version 1.9.8
Bravenewcode ≫ Wptouch Version 1.9.8.1
Bravenewcode ≫ Wptouch Version 1.9.8.2
Bravenewcode ≫ Wptouch Version 1.9.8.3
Bravenewcode ≫ Wptouch Version 1.9.9
Bravenewcode ≫ Wptouch Version 1.9.9.1
Bravenewcode ≫ Wptouch Version 1.9.9.2
Bravenewcode ≫ Wptouch Version 1.9.9.3
Bravenewcode ≫ Wptouch Version 1.9.9.4
Bravenewcode ≫ Wptouch Version 1.9.9.5
Bravenewcode ≫ Wptouch Version 1.9.9.6
Bravenewcode ≫ Wptouch Version 1.9.9.7
Bravenewcode ≫ Wptouch Version 1.9.9.8
Bravenewcode ≫ Wptouch Version 1.9.10
Bravenewcode ≫ Wptouch Version 1.9.11
Bravenewcode ≫ Wptouch Version 1.9.12
Bravenewcode ≫ Wptouch Version 1.9.13
Bravenewcode ≫ Wptouch Version 1.9.14
Bravenewcode ≫ Wptouch Version 1.9.15
Bravenewcode ≫ Wptouch Version 1.9.16
Bravenewcode ≫ Wptouch Version 1.9.17
Bravenewcode ≫ Wptouch Version 1.9.18
Bravenewcode ≫ Wptouch Version 1.9.19
Bravenewcode ≫ Wptouch Version 1.9.19.1
Bravenewcode ≫ Wptouch Version 1.9.19.2
Bravenewcode ≫ Wptouch Version 1.9.19.3
Bravenewcode ≫ Wptouch Version 1.9.19.4
Bravenewcode ≫ Wptouch Version 1.9.19.5
Bravenewcode ≫ Wptouch Version 1.9.20
Bravenewcode ≫ Wptouch Version 1.9.21
Bravenewcode ≫ Wptouch Version 1.9.21.1
Bravenewcode ≫ Wptouch Version 1.9.22
Bravenewcode ≫ Wptouch Version 1.9.22.1
Bravenewcode ≫ Wptouch Version 1.9.23
Bravenewcode ≫ Wptouch Version 1.9.24
Bravenewcode ≫ Wptouch Version 1.9.25
Bravenewcode ≫ Wptouch Version 1.9.26
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.78% | 0.732 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.