Date: Thu, 16 Apr 2015 11:20:11 +0200
From: "Hannes Trunde" <hannes.trunde@...il.com>
To: <cve-assign@...re.org>
Cc: <oss-security@...ts.openwall.com>
Subject: AW: CVE request: SQL injection vulnerability in WordPress plugins Community Events 1.3.5, Tune Library 1.5.4, WP Symposium 15.1

> > 3) WP Symposium plugin SQL injection vulnerability 
> > Affected version: 15.1 (and likely all versions below) 
> > Fixed version: Not yet available, author is working on a fix 
> > Plugin URL: https://wordpress.org/plugins/wp-symposium/ (still disabled
> > by WordPress.org team)
>
> Is this different from
>
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8810
>
> ? We feel that we may not have definitive information about whether that
> SQL injection was ever fixed. The
> http://www.wpsymposium.com/2014/11/release-information-for-v14-11/
> page no longer exists with its 2014 content, but had previously only
> mentioned fixing XSS, not fixing SQL injection.

Hi,

it's definitely a different vulnerability, as CVE-2014-8810 regards a SQL
injection vulnerability in ajax/mail_functions.php whereas the problem I
discovered exists in a forum function. I received the following notification
from the plugin author:

> From: Simon (WPS) [mailto:simon@...ymposium.com] 
> Sent: Wednesday, 15. April 2015 09:54
> To: Hannes Trunde
> Subject: Re: AW: SQL Injection Vulnerability in WP Symposium
>
> Thanks Hannes, I've implemented the fix in the code and will be looking to
> get it uploaded to the WordPress repo later today.
>
> Kind regards
> Simon

I will post the changelog link and details of the vulnerability as soon as
the plugin page is online again.

By the way - what would be the best way to publish the vulnerability
details? A reply to this thread or posting it to Exploit-DB, Packet Storm or
other mailing lists like Fulldisc or Bugtraq? Any best practices?

Thank you very much!

--
Hannes Trunde
