Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 13/01/2015 Updated: 24/03/2015

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yourmembers project yourmembers -

Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: githubcom/YourMembers/yourmembers/tree/master/ym_trunk Affected version: Version 3, 29 June 2007 (githubcom/YourMembers/yourmembers/blob/master/LICENSE) Google dork: inurl:ym_download_id= Fixed version: N/A Rep ...

CWE-89 http://packetstormsecurity.com/files/128668/YourMembers-Blind-SQL-Injection.html http://www.exploit-db.com/exploits/34968 https://nvd.nist.gov https://www.exploit-db.com/exploits/34968/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-100003

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect