SQL Injection Vulnerability in Download Monitor Plugin for WordPress
CVE-2008-2034

Currently unrated

Key Information:

Vendor: Wordpress
Status: Download Monitor Plugin
Vendor: CVE Published:; 30 April 2008

Summary

The Download Monitor plugin version 2.0.6 for WordPress contains an SQL injection vulnerability in the wp-download_monitor/download.php file. This flaw enables remote attackers to send crafted requests via the 'id' parameter, which could lead to unauthorized SQL commands being executed on the database. As a result, attackers may gain access to sensitive data or compromise the integrity of the system. Ensuring your plugin is up-to-date and implementing security best practices are crucial for protecting against such vulnerabilities.

References

http://www.securityfocus.com/bid/28975

vdb-entryx_refsource_BID

http://secunia.com/advisories/29876

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/42094

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 30, 2008
Vulnerability Reserved
Apr 30, 2008