CVE-2014-8810

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 24/12/2014 Updated: 30/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin prior to 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wpsymposiumpro wp symposium

# Exploit Title: WP Symposium 1410 SQL Injection # Date: 22-10-2014 # Exploit Author: Kacper Szurek - securityszurekpl/ twittercom/KacperSzurek # Software Link: downloadswordpressorg/plugin/wp-symposium1410zip # Category: webapps # CVE: CVE-2014-8810 1 Description $_POST['tray'] is not escaped File: wp-sympos ...

CWE-89 http://www.exploit-db.com/exploits/35505 http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html http://www.wpsymposium.com/2014/11/release-information-for-v14-11/http://secunia.com/advisories/62643 https://nvd.nist.gov https://www.exploit-db.com/exploits/35505/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8810

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect