CVE-2014-9097
Published: 2014-11-26
Priority: P3 (50) | Severity: high | CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit
EPSS: 5.17% (91.4th percentile)
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apptha | contus_video_gallery | — | — |
No detection rules found.
Exploit-DB
WordPress Plugin Video Gallery 2.7.0 - SQL Injection
exploitdb · 2015-02-12 · CVE-2015-2065
---
######################
# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
# Date : 2015-02-11
# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox
######################
# Vulnerability Disclosure Timeline:
2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback
2015-02-10: Vendor Send Fix/Patch
2015-02-11: Public Disclosure
# Description
Wordpress Video Gallery 2.7 suffers fr
Exploit-DB
WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities
exploitdb · 2014-07-24 · CVE-2014-9098
---
Wordpress Video Gallery
######################
# Exploit Title : Wordpress Video Gallery 2.5 SQL Injection and XSS Vulnerabilities
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : http://downloads.wordpress.org/plugin/contus-video-gallery.2.5.zip ( Fixed :\ )
# Dork Google: inurl:/contus-video-gallery/hdflvplayer/hdplayer.swf
(Click on "Repeat the search with the omitted results included")
# Date : 2014-07-15
# Tested on : Windows 7 / Mozilla Firefox
Windows 7 / sqlmap (0.8-1)
Linux / Mozilla Firefox
Linux / sqlmap 1.0-dev-5b2ded0
######################
# Vulnerability Disclosure Timeline:
2014-07-15: Discovered vulnerabilit
No writeups or analysis indexed.
References
http://packetstormsecurity.com/files/127611/WordPress-Video-Gallery-2.5-Cross-Site-Scripting-SQL-Injection.html
http://wordpress.org/plugins/contus-video-gallery/changelog
http://www.securityfocus.com/bid/68883