CVE-2015-2065
published 2015-02-24CVE-2015-2065: SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote…
PriorityP262high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
41.07%
98.5th percentile
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apptha | wordpress_video_gallery | <= 2.7 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated GET requests to /wp-admin/admin-ajax.php with action=rss and a vid parameter containing SQL injection payloads (UNION-based injection). ↗
- →Google dork 'inurl:/wp-admin/admin-ajax.php?action=rss' can be used to identify exposed vulnerable WordPress instances; monitor for this pattern in web server logs. ↗
- →The vulnerable parameter is 'vid' in a GET request with action=rss and type=video to admin-ajax.php; alert on non-integer values in the vid parameter. ↗
- ·The vulnerability is fixed by enforcing integer casting on the vid parameter; patched in plugin version 2.8. Versions 2.7 and prior are vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
WordPress Plugin Video Gallery 2.7.0 - SQL Injection
exploitdb·2015-02-12
CVE-2015-2065 WordPress Plugin Video Gallery 2.7.0 - SQL Injection
WordPress Plugin Video Gallery 2.7.0 - SQL Injection
---
######################
# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
# Date : 2015-02-11
# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox
######################
# Vulnerability Disclosure Timeline:
2015-02-08: Discovered vulnerability
2015-02-09: Vendor Notification
2015-02-10: Vendor Response/Feedback
2015-02-10: Vendor Send Fix/Patch
2015-02-11: Public Disclosure
# Description
Wordpress Video Gallery 2.7 suffers fr
Metasploit
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
metasploit
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
WordPress Contus Video Gallery Unauthenticated SQL Injection Scanner
This module attempts to exploit a UNION-based SQL injection in Contus Video Gallery for Wordpress version 2.7 and likely prior in order if the instance is vulnerable.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/130371/WordPress-Video-Gallery-2.7-SQL-Injection.htmlhttp://www.exploit-db.com/exploits/36058http://www.osvdb.org/118419http://www.securityfocus.com/bid/74882https://wordpress.org/plugins/contus-video-gallery/changelog/http://packetstormsecurity.com/files/130371/WordPress-Video-Gallery-2.7-SQL-Injection.htmlhttp://www.exploit-db.com/exploits/36058http://www.osvdb.org/118419http://www.securityfocus.com/bid/74882https://wordpress.org/plugins/contus-video-gallery/changelog/
2015-02-24
Published