QwikSec

Security Database

CVE

CWE

Training

CVE-2018-3811

Published: Jan 1, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wpvulndb.com/vulnerabilities/8988

x_refsource_MISC

https://wordpress.org/plugins/smart-google-code-inserter/#developers

x_refsource_MISC

https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.