Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-3811

Published: 01/01/2018 Updated: 16/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Oturia

Vulnerability Summary

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin prior to 3.5 for WordPress allows unauthenticated malicious users to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

Vulnerable Product Search on Vulmon Subscribe to Product

oturia smart google code inserter

Vendor Advisories

Check Point Security Alerts: WordPress Oturia Smart Google Code Inserter Plugin SQL Injection (CVE-2018-3811)
Check Point Reference: CPAI-2018-2681 Date Published: 12 Mar 2024 Severity: Critical ...

Exploits

Exploit DB: WordPress Plugin Smart Google Code Inserter < 3.5 - Authentication Bypass / SQL Injection
Exploit Title: Smart Google Code Inserter &lt; 35 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: oturiacom/ Software Link: wordpressorg/plugins/smart-google-code-inserter/ Version: 34 Tested on: Kali Linux 20 CVE : CVE-2018-3810 ( ...
Exploit DB: WordPress Smart Google Code Inserter SQL Injection
WordPress Smart Google Code Inserter plugin versions prior to 35 suffers from a remote SQL injection vulnerability that allows for authentication bypass ...

Github Repositories

https://github.com/cved-sources/cve-2018-3811

cve-2018-3811

CVE-2018-3811 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2018-3811 Image author: githubcom/cved-sources/cve-2018-3811

References

CWE-89https://wordpress.org/plugins/smart-google-code-inserter/#developershttps://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.htmlhttps://www.exploit-db.com/exploits/43420/https://wpvulndb.com/vulnerabilities/8988https://nvd.nist.govhttps://github.com/cved-sources/cve-2018-3811https://www.exploit-db.com/exploits/43420/https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2681.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook