QwikSec

Security Database

CVE

CWE

Training

CVE-2015-2090

Published: Feb 26, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

https://wordpress.org/plugins/wp-survey-and-poll/changelog/

x_refsource_MISC

http://packetstormsecurity.com/files/130381/WordPress-Survey-And-Poll-1.1.7-Blind-SQL-Injection.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.