codepeople cp-polls Plugin cp-admin-int-message-list.inc.php sql injection
CVE-2014-125091

4.7MEDIUM

Key Information:

Vendor
Wordpress
Status
Cp-polls Plugin
Vendor
CVE Published:
4 March 2023

Summary

A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.

Affected Version(s)

cp-polls Plugin 1.0.1

References

https://vuldb.com/?id.222268
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222268
signaturepermissions-required
https://github.com/wp-plugins/cp-polls/commit/6d7168cbf12...
patch

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.