Date: Thu, 16 Jul 2015 15:02:45 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: WordPress plugin sp-client-document-manager Blind SQL Injection

Can I get CVE identifier for WordPress plugin sp-client-document-manager Blind SQL Injection vulnerability, thanks?

URL: https://wordpress.org/plugins/sp-client-document-manager/
Affected: 2.5.3 and previous version
Fixed in: 2.5.4
PoC: /wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=[SQLi]

Changelog says for 2.5.4: "Fixed exploit in ajax (credit: rh3792@...er.com)"

More information: https://www.exploit-db.com/exploits/36576/

Please note that changelog also says: "126.96.36.199: Security fix, please update", but I do not yet have more information about that issue.

--
Henri Salo
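
A defensive log check for the request shape in the PoC line above, as an added example that is not part of the original message or the plugin's own code: it flags access-log entries for the plugin's `ajax.php` with `function=thumbnails` whose `pid` is not a plain decimal integer. That `pid` is normally a numeric ID is an assumption, and the log lines and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path, "function" value and "pid" parameter are taken from the PoC line.
PLUGIN_PATH = "/wp-content/plugins/sp-client-document-manager/ajax.php"

# Client address and request target from a Combined Log Format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

# Assumption: a legitimate pid is a short decimal ID.
NUMERIC_ID = re.compile(r"\d{1,10}")

# Constructed sample log lines (documentation IP ranges, not real traffic).
_BASE = "/wordpress" + PLUGIN_PATH + "?function=thumbnails&pid="
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Jul/2015:12:00:01 +0300] "GET ' + _BASE + '42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/Jul/2015:12:00:05 +0300] "GET ' + _BASE + '12%27 HTTP/1.1" 200 0',
    '203.0.113.9 - - [16/Jul/2015:12:00:06 +0300] "GET ' + _BASE + '%5BSQLi%5D HTTP/1.1" 200 0',
    '198.51.100.7 - - [16/Jul/2015:12:00:09 +0300] "GET /wordpress/index.php?pid=abc HTTP/1.1" 200 900',
]


def suspicious_pid_requests(lines):
    """Return (client_ip, decoded_pid) for thumbnails requests with a non-numeric pid."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable access-log line
        url = urlsplit(match.group("target"))
        if not url.path.endswith(PLUGIN_PATH):
            continue  # some other script; its pid is out of scope here
        # parse_qs percent-decodes values, so encoded input is compared decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        if "thumbnails" not in params.get("function", []):
            continue
        for pid in params.get("pid", []):
            if not NUMERIC_ID.fullmatch(pid):
                hits.append((match.group("ip"), pid))
    return hits


if __name__ == "__main__":
    for ip, pid in suspicious_pid_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric pid: {pid!r}")
```

Only the query string is inspected, so a `pid` sent in a POST body does not appear in a standard access log and is not covered by this check.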