Multiple SQL Injection Vulnerabilities in WordPress Poll Plugin by Cardoza
CVE-2013-1400

9.8CRITICAL

Key Information:

Vendor
Wordpress
Status
WordPress Poll
Vendor
CVE Published:
13 February 2020

Summary

The Cardoza Poll Plugin for WordPress contains multiple SQL injection vulnerabilities that can be exploited by attackers to execute arbitrary SQL commands. These vulnerabilities arise through inadequate validation of the pollid or poll_id parameters during the execution of viewPollResults or userlogs actions. By leveraging this flaw, a malicious actor can manipulate database queries, potentially gaining unauthorized access to sensitive site data and compromising the integrity of the database.

References

http://www.securityfocus.com/bid/57479
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/81466
vdb-entryx_refsource_XF
https://www.securityfocus.com/archive/1/525370
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.