Back to search
CVE-2019-14230
Published: Jul 21, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the set_count ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged user to perform a SQL injection attack capable of remote code execution and information disclosure.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.openwall.com/lists/oss-security/2019/07/21/1
x_refsource_MISC
[oss-security] 20190722 Re: Two unauthenticated SQL injection vulnerabilities in Onionbuzz WordPress plugin
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now