var-201503-0451
Vulnerability from variot
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security & Firewall is a WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed; in the scenario described, the attack relies on a logged-in administrator's browser session rather than on direct access by the attacker. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blogging websites on PHP and MySQL servers. Versions before 3.8.8 are affected, and the record lists the plugin changelog as the patch reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "all in one wordpress security and firewall",
"scope": "lte",
"trust": 1.0,
"vendor": "tips and tricks hq",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "lte",
"trust": 0.8,
"vendor": "tips and tricks hq",
"version": "v3.8.7"
},
{
"model": "all in one wordpress security and firewall",
"scope": "eq",
"trust": 0.6,
"vendor": "tips and tricks hq",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.7"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.6"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.5"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.4"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.3"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.2"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.1"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8"
},
{
"model": "all in one wp security \u0026 firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "wordpress",
"version": "3.8.8"
}
],
"sources": [
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ooooooo_q",
"sources": [
{
"db": "BID",
"id": "74856"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0894",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2015-0894",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000037",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-78840",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0894",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000037",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-126",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78840",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the All In One WP Security \u0026 Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. All In One WP Security \u0026 Firewall is WordPress plugin that provides security functionality. ooooooo_q reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If an administrator views a malicious page while logged in, an arbitrary SQL command may be executed. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0894"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "VULHUB",
"id": "VHN-78840"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0894",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN30832515",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126",
"trust": 0.7
},
{
"db": "BID",
"id": "74856",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-78840",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"id": "VAR-201503-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:59:36.766000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "All In One WP Security \u0026 Firewall - Changelog",
"trust": 0.8,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn30832515/index.html"
},
{
"trust": 2.0,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000037"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0894"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0894"
},
{
"trust": 0.3,
"url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/"
},
{
"trust": 0.3,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000037.html"
},
{
"trust": 0.3,
"url": "http://www.wordpress.org/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78840"
},
{
"db": "BID",
"id": "74856"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-78840"
},
{
"date": "2015-05-06T00:00:00",
"db": "BID",
"id": "74856"
},
{
"date": "2015-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"date": "2015-03-07T02:59:01.537000",
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-78840"
},
{
"date": "2015-05-06T00:00:00",
"db": "BID",
"id": "74856"
},
{
"date": "2015-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000037"
},
{
"date": "2015-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-126"
},
{
"date": "2024-11-21T02:23:57.077000",
"db": "NVD",
"id": "CVE-2015-0894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All In One WP Security \u0026 Firewall vulnerable to SQL injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000037"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-126"
}
],
"trust": 0.6
}
}