QwikSec

Security Database

CVE

CWE

Training

CVE-2014-5389

Published: Oct 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/128525/WordPress-Content-Audit-1.6-Blind-SQL-Injection.html

x_refsource_MISC

vdb-entry

x_refsource_BID

https://security.dxw.com/advisories/blind-sqli-vulnerability-in-content-audit-could-allow-a-privileged-attacker-to-exfiltrate-password-hashes/

x_refsource_MISC

20141001 Blind SQLi vulnerability in Content Audit could allow a privileged attacker to exfiltrate password hashes (WordPress plugin)

mailing-list

x_refsource_FULLDISC

https://wordpress.org/plugins/content-audit/changelog

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.