CVE-2014-1854

Currently unrated

Key Information:

Vendor: Wordpress
Status: Adrotate
Vendor: CVE Published:; 27 February 2014

Summary

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/91253

vdb-entryx_refsource_XF

http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/531176/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 27, 2014
Vulnerability Reserved
Feb 2, 2014