Release date:
Updated on:
Affected Systems:
WordPress Easy Webinar
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56305
Easy Webinar is Wordpress's Automatic Network conferencing software.
The Easy Webinar plugin has the SQL injection vulnerability. Attackers can exploit this vulnerability to control applications, access or modify data, and exploit other vulnerabilities in lower-level databases.
<* Source: Robert Cooper
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/wp-content/plugins/webinar_plugin/get-widget.php? Wid = 3 & #39; or & #39; x & #39 ;=& #39; x [SQLi]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.tenable.com/