CVE-2011-4671

Published: 02/12/2011 Updated: 13/12/2011
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions prior to 3.6.8, for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Vulnerable Products

adrotateplugin adrotate 3.6.3
adrotateplugin adrotate 3.6.2
adrotateplugin adrotate 3.3
adrotateplugin adrotate 3.2.2
adrotateplugin adrotate 3.0.1
adrotateplugin adrotate 3.0
adrotateplugin adrotate 2.4.1
adrotateplugin adrotate 2.4
adrotateplugin adrotate 1.0
adrotateplugin adrotate 0.8
adrotateplugin adrotate 0.2
adrotateplugin adrotate 0.1
adrotateplugin adrotate
adrotateplugin adrotate 3.6.6
adrotateplugin adrotate 3.5.1
adrotateplugin adrotate 3.5
adrotateplugin adrotate 3.1.1
adrotateplugin adrotate 3.1
adrotateplugin adrotate 2.5
adrotateplugin adrotate 2.4.4
adrotateplugin adrotate 2.2
adrotateplugin adrotate 2.1
adrotateplugin adrotate 0.6
adrotateplugin adrotate 0.5
adrotateplugin adrotate 3.6.1
adrotateplugin adrotate 3.6
adrotateplugin adrotate 3.2.1
adrotateplugin adrotate 3.2
adrotateplugin adrotate 2.6.1
adrotateplugin adrotate 2.6
adrotateplugin adrotate 2.5.1
adrotateplugin adrotate 2.3.1
adrotateplugin adrotate 2.3
adrotateplugin adrotate 0.7.1
adrotateplugin adrotate 0.7
adrotateplugin adrotate 3.6.5
adrotateplugin adrotate 3.6.4
adrotateplugin adrotate 3.4
adrotateplugin adrotate 3.3.1
adrotateplugin adrotate 3.0.3
adrotateplugin adrotate 3.0.2
adrotateplugin adrotate 2.4.3
adrotateplugin adrotate 2.4.2
adrotateplugin adrotate 2.0.1
adrotateplugin adrotate 2.0
adrotateplugin adrotate 0.4
adrotateplugin adrotate 0.3

Exploits

# Exploit Title: WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
# Date: 2011-09-22
# Author: Miroslav Stampar (miroslavstampar(at)gmail.com @stamparm)
# Software Link: downloads.wordpress.org/plugin/adrotate.3.6.5.zip
# Version: 3.6.5 (tested)
# Note: magic_quotes has to be turned off
--- PoC ---
www.site.com/wp-c ...

# Exploit Title: WordPress AdRotate plugin <= 3.6.6 SQL Injection Vulnerability
# Date: 2011-11-8
# Author: Miroslav Stampar (miroslavstampar(at)gmail.com @stamparm)
# Software Link: downloads.wordpress.org/plugin/adrotate.3.6.6.zip
# Version: 3.6.6 (tested)
# Note: parameter $_GET["track"] has to be Base64 encoded
--- PoC ---
ww ...