Release date:
Updated on:
Affected Systems:
WordPress Easy Career Openings
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64167
WordPress Easy Career Openings is a plugin for posting job vacancies on a WordPress blog site.
The WordPress Easy Career Openings plugin has a SQL injection vulnerability in its handling of the jobid parameter. After successful exploitation, an attacker can perform unauthorized database operations.
<* Source: Iranian_Dark_Coders_Team
Black. Hack3r
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive in nature and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/career-details?jobid=3'[SQL Injection]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
The vendor has not yet provided a patch or an upgrade. Users of this software should watch the vendor's page for the latest version:
http://wordpress.org/plugins/easy-career-openings/
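
With no patch available, one interim check is to review web server access logs for requests to career-details whose jobid is not a plain integer. The script below is an added example, not part of the original advisory or the plugin's code; it assumes combined-format access logs and that legitimate jobid values are integers (as in the jobid=3 request above), and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"\d{1,10}")  # assumption: valid job ids are short integers


def suspicious_jobid(line):
    """Return the decoded jobid value if it is not a plain integer, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if "career-details" not in url.path.lower():
        return None
    # parse_qsl percent-decodes values, so %27 and a literal quote look the same
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == "jobid" and not INTEGER_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Yield (client_ip, decoded_value) for every suspicious request."""
    for line in lines:
        value = suspicious_jobid(line)
        if value is not None:
            yield line.split(" ", 1)[0], value


# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /career-details?jobid=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /career-details?jobid=3%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /career-details?JobID=3\' HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /about?jobid=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer jobid: {value!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the site until a fixed plugin version is available.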