CVE-2015-4066
Published 2015-05-27
Priority P3 · 42 · medium · 6.5 CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 4.19% (89.7th percentile)
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tri | gigpress | < 2.3.11 | 2.3.11 |
| tri | gigpress | <= 2.3.8 | — |
GHSA
GHSA-47fh-93cq-wjp3: The gigpress plugin before 2
ghsa_unreviewed·2022-05-24·CVSS 6.5
CVE-2015-9353 [MEDIUM] CWE-89
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066.
GHSA
GHSA-4394-5727-8668: Multiple SQL injection vulnerabilities in admin/handlers
ghsa_unreviewed·2022-05-13
CVE-2015-4066 [MEDIUM] CWE-89
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132036/WordPress-GigPress-2.3.8-SQL-Injection.html
http://www.securityfocus.com/bid/74747
https://wordpress.org/plugins/gigpress/changelog/
https://www.exploit-db.com/exploits/37109/