VAR-201503-0451
Vulnerability from variot - Updated: 2023-12-18 14:01
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a blogging platform developed by WordPress Software Foundation using the PHP language; it supports setting up personal blogging websites on servers running PHP and MySQL.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "all in one wordpress security and firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "tips and tricks hq",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "tips and tricks hq",
"version": "v3.8.7"
},
{
"model": "all in one wordpress security and firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "tips and tricks hq",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.6"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.5"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.4"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.3"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.2"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.1"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.8"
}
],
"sources": [
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:*:*:*:*:*:wordpress:*:*",
"cpe_name": [],
"versionEndIncluding": "3.8.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ooooooo_q",
"sources": [
{
"db": "BID",
"id": "74856"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0894",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000037",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-78840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0894",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000037",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-126",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78840",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the All In One WP Security \u0026 Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security \u0026 Firewall is a WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a blogging platform developed by WordPress Software Foundation using the PHP language; it supports setting up personal blogging websites on servers running PHP and MySQL.",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "VULHUB",
"id": "VHN-78840"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0894",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN30832515",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126",
"trust": 0.7
},
{
"db": "BID",
"id": "74856",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78840",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"id": "VAR-201503-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:54.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "All In One WP Security \u0026 Firewall - Changelog",
"trust": 0.8,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn30832515/index.html"
},
{
"trust": 2.0,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000037"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0894"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0894"
},
{
"trust": 0.3,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/"
},
{
"trust": 0.3,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000037.html"
},
{
"trust": 0.3,
"url": "http://www.wordpress.org/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-78840"
},
{
"date": "2015-05-06T00:00:00",
"db": "BID",
"id": "74856"
},
{
"date": "2015-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"date": "2015-03-07T02:59:01.537000",
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-78840"
},
{
"date": "2015-05-06T00:00:00",
"db": "BID",
"id": "74856"
},
{
"date": "2015-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"date": "2015-03-09T13:21:58.930000",
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All In One WP Security \u0026 Firewall vulnerable to SQL injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
],
"trust": 0.6
}
}