Lucene search

[email protected]CVE-2014-100022

HistoryJan 13, 2015 - 3:59 p.m.

CVE-2014-100022

2015-01-1315:59:11

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-100022

sql injection

mtouch quiz

wordpress

vulnerability

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.

Affected configurations

NVD

Node

mtouch_quiz_projectmtouch_quizRange≤3.0.6wordpress

CPENameOperatorVersion
mtouch_quiz_project:mtouch_quizmtouch quiz project mtouch quizle3.0.6

CPE	Name	Operator	Version
mtouch_quiz_project:mtouch_quiz	mtouch quiz project mtouch quiz	le	3.0.6

References

secunia.com/advisories/57491

exchange.xforce.ibmcloud.com/vulnerabilities/91950

security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/

wordpress.org/plugins/mtouch-quiz/changelog/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

Related for CVE-2014-100022

prion1 cvelist1 patchstack1 nvd1 wpvulndb1