Lucene search

[email protected]CVE-2013-3532

HistoryMay 10, 2013 - 9:55 p.m.

CVE-2013-3532

2013-05-1021:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve

2013

3532

sql injection

web dorado

spider video player

wordpress

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.

Affected configurations

NVD

Node

webdoradospider_video_playerMatch2.1

AND

wordpresswordpressMatch-

CPENameOperatorVersion
webdorado:spider_video_playerwebdorado spider video playereq2.1

CPE	Name	Operator	Version
webdorado:spider_video_player	webdorado spider video player	eq	2.1

References

osvdb.org/92264

packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html

packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html

www.securityfocus.com/bid/59021

www.securityfocus.com/bid/70763

exchange.xforce.ibmcloud.com/vulnerabilities/83374

exchange.xforce.ibmcloud.com/vulnerabilities/98332

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2013-3532

prion1 cvelist1 nvd1 wpvulndb1