Plugin HD Webplayer <= 1.1 - SQL Injections



Description
The last time it was checked the plugin was still affected and had been closed.
Proof of Concept
http://example.com/wp-content/plugins/hd-webplayer/config.php?id=[INJECT HERE]
http://example.com/wp-content/plugins/hd-webplayer/playlist.php?videoid=[INJECT HERE]

Affects Plugin

no known fix
- plugin closed

References

ExploitDB 20918

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher JOINSE7EN
Submitter Chris Moore
Views 322
Verified No
WPVDB ID 9876

Timeline

Publicly Published 2012-08-28 (almost 8 years ago)
Added 2019-09-10 (10 months ago)
Last Updated 2020-03-13 (4 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin