NVD

Id
33795  
Name
CVE-2014-6242  
Description
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-10-02  
Modified Date
2015-01-26  
Seq
2014-6242  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
175360 33795 CVE-2014-6242 http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html  View
175361 33795 CVE-2014-6242 34781  View
175362 33795 CVE-2014-6242 20140924 Two SQL Injections in All In One WP Security WordPress plugin  View
175363 33795 CVE-2014-6242 70150  View
175364 33795 CVE-2014-6242 allinone-wp-cve20146242-sql-injection(96204)  View
175365 33795 CVE-2014-6242 https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog  View
175366 33795 CVE-2014-6242 https://www.htbridge.com/advisory/HTB23231  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16113 JVNDB-2014-004988 WordPress 用 All In One WP Security & Firewall プラグインにおける SQL インジェクションの脆弱性 WordPress 用 All In One WP Security & Firewall プラグインには、SQL インジェクションの脆弱性が存在します。 CVE-2014-6242 73533 CVE-2014-6242 33795 6.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004988.html 2014-09-12 2014-10-24 View