CVE-2014-5189
published 2014-08-07CVE-2014-5189: SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via…
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.59%
90.5th percentile
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin Lead Octopus Power - 'id' SQL Injection
exploitdb·2014-07-28
CVE-2014-5189 WordPress Plugin Lead Octopus Power - 'id' SQL Injection
WordPress Plugin Lead Octopus Power - 'id' SQL Injection
---
source: https://www.securityfocus.com/bid/68934/info
The Lead Octopus Power plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=[SQL]
Exploit-DB
GOM Player 2.2.57.5189 - '.ogg' Crash (PoC)
exploitdb·2014-05-12·CVSS 4.3
CVE-2014-3216 [MEDIUM] GOM Player 2.2.57.5189 - '.ogg' Crash (PoC)
GOM Player 2.2.57.5189 - '.ogg' Crash (PoC)
---
'''
# Exploit Title: [Gomplayer Memory Corruption vulnerability latest Version
2.2.57.5189 ]
# Date: [2014/05/06]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [www.gomlab.com]
# Software Link: [
http://filehippo.com/download_gom_player/download/126691285c2a87ec66d7f74b48639f08/
]
# Version: [Version 2.2.57.5189 and probably prior to that]
# Tested on: [Windows Xp Sp 3 x86]
# CVE : [CVE-2014-3216]
details:
Gomplayer version 2.2.57.5189 and prior to that are vulnerable to a memory
corruption vulnerability via a malformed ogg file format , Tested on
Windows XP Sp3 x86.
Poc:
'''
#!/usr/bin/python
data =
"\x4F\x67\x67\x53\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x5
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/109642http://packetstormsecurity.com/files/127640/WordPress-Lead-Octopus-Power-SQL-Injection.htmlhttp://www.securityfocus.com/bid/68934https://exchange.xforce.ibmcloud.com/vulnerabilities/94912http://osvdb.org/show/osvdb/109642http://packetstormsecurity.com/files/127640/WordPress-Lead-Octopus-Power-SQL-Injection.htmlhttp://www.securityfocus.com/bid/68934https://exchange.xforce.ibmcloud.com/vulnerabilities/94912
2014-08-07
Published