NVD

Id
24254  
Name
CVE-2015-2090  
Description
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-02-26  
Modified Date
2016-11-29  
Seq
2015-2090  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
128442 24254 CVE-2015-2090 http://packetstormsecurity.com/files/130381/WordPress-Survey-And-Poll-1.1.7-Blind-SQL-Injection.html  View
128443 24254 CVE-2015-2090 36054  View
128444 24254 CVE-2015-2090 74890  View
128445 24254 CVE-2015-2090 https://wordpress.org/plugins/wp-survey-and-poll/changelog/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6314 JVNDB-2015-001634 Wordpress 用 WordPress Survey and Poll プラグインにおける SQL インジェクションの脆弱性 Wordpress 用 WordPress Survey and Poll プラグインの settings.php の ajax_survey 関数には、SQL インジェクションの脆弱性が存在します。 CVE-2015-2090 79315 CVE-2015-2090 24254 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-001634.html 2015-02-11 2015-02-27 View