WordPress Video Player Plugin 'settings.php' SQL Injection Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress Spider Video Player
Description:
Bugtraq id: 70763
WordPress Spider Video Player is a video player plugin.
WordPress Video Player does not effectively filter the values passed to 'settings.php', which results in an SQL injection vulnerability. Attackers can exploit this vulnerability to perform unauthorized database operations.
<* Source: Hugo Santiago dos Santos
*>
Test method:
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/wp-content/plugins/player/settings.php?playlist=1&theme=1[SQLI]
Suggestion:
Vendor patch:
WordPress
---------
Currently, the vendor does not provide a patch or upgrade. We recommend that users of the software watch the vendor's homepage to obtain the latest version:
http://wordpress.org/extend/plugins/player/
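With no vendor patch available, web-server access logs can be reviewed for requests to the affected script. The following is an added example, not part of the original advisory or the plugin's code; it assumes `playlist` and `theme` are meant to be numeric IDs (as in the test URL above) and runs over constructed log lines in combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter names are taken from the advisory's test URL.
TARGET_PATH = "/wp-content/plugins/player/settings.php"
ID_PARAMS = ("playlist", "theme")  # assumption: both should be plain integers

# Request field of a combined-format access log entry: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Return the ID parameters in `uri` whose decoded value is not all digits."""
    parts = urlsplit(uri)
    # endswith() also covers WordPress installed in a subdirectory.
    if not unquote(parts.path).endswith(TARGET_PATH):
        return []
    flagged = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in ID_PARAMS and not (value.isascii() and value.isdigit()):
            flagged.append(name)
    return flagged

def scan(log_lines):
    """Return (line_number, flagged_params) for each request worth reviewing."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            flagged = suspicious_params(match.group(1))
            if flagged:
                hits.append((number, flagged))
    return hits

# Constructed sample entries (documentation IP addresses, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2015:10:00:00 +0000] "GET /wp-content/plugins/player/settings.php?playlist=1&theme=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2015:10:00:05 +0000] "GET /wp-content/plugins/player/settings.php?playlist=1&theme=1%27 HTTP/1.1" 200 87',
    '203.0.113.9 - - [01/Jan/2015:10:00:09 +0000] "GET /blog/wp-content/plugins/player/settings.php?playlist=x&theme=2 HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2015:10:00:12 +0000] "GET /index.php?theme=1%27 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric value in {', '.join(flagged)}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.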