CVE-2014-1854

Published: 27/02/2014 | Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 up to and including 3.9.5 and AdRotate Free plugin 3.9 up to and including 3.9.4 for WordPress allows remote malicious users to execute arbitrary SQL commands via the track parameter.

Vulnerable Product

adrotateplugin adrotate 3.9.3

adrotateplugin adrotate 3.9.2

adrotateplugin adrotate 3.9.

adrotateplugin adrotate 3.9.1

adrotateplugin adrotate 3.9.5

adrotateplugin adrotate 3.9.4

Exploits

Advisory ID: HTB23201
Product: AdRotate
Vendor: AJdG Solutions
Vulnerable Version(s): 394 and probably prior
Tested Version: 394
Advisory Publication: January 30, 2014 [without technical details]
Vendor Notification: January 30, 2014
Vendor Patch: January 31, 2014
Public Disclosure: February 20, 2014
Vulnerability Type: SQL Injection [CWE- ...

AdRotate version 394 suffers from a remote SQL injection vulnerability ...