DukaPress <= 2.5.9 - Unauthenticated Blind SQL Injection



Description
The code in dukapress/download.php does not sanitize user input from $_GET['id'] before passing it to query() allowing SQL to be injected.

The user is not required to be logged into WordPress in order to exploit this vulnerability.

Affects Plugin

fixed in version 2.5.9.1

References

CVE 2015-1000011
URL http://www.vapid.dhs.org/advisory.php?v=152

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Larry W. Cashdollar
Submitter Twitter _larry0
Views 5076
Verified No
WPVDB ID 8155

Timeline

Publicly Published 2015-08-22 (about 4 years ago)
Added 2015-08-22 (about 4 years ago)
Last Updated 2019-08-25 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin