DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections

Affects Plugin

no known fix
- plugin closed

References

CVE 2017-1002005
CVE 2017-1002004
SecurityFocus 96781
URL https://seclists.org/oss-sec/2017/q1/575
URL http://www.vapidlabs.com/advisory.php?v=183

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 4625
Verified No
WPVDB ID 8775

Timeline

Publicly Published 2017-03-09 (over 3 years ago)
Added 2017-03-09 (over 3 years ago)
Last Updated 2019-11-27 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin