A SQL injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it into the SQL query.
References
| Link | Resource |
|---|---|
| https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html | Exploit, Third Party Advisory |
| https://wordpress.org/plugins/smart-google-code-inserter/#developers | Release Notes, Third Party Advisory |
| https://wpvulndb.com/vulnerabilities/8988 | Third Party Advisory, VDB Entry |
| https://www.exploit-db.com/exploits/43420/ | Exploit, Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-01T06:00:00
Updated: 2018-01-09T10:57:01
Reserved: 2018-01-01T00:00:00
Link: CVE-2018-3811
NVD Information
Status: Analyzed
Published: 2018-01-01T06:29:00.247
Modified: 2018-01-16T18:39:22.920
Link: CVE-2018-3811
Redhat Information
No data.
CWE