CVE-2013-5917 : Detail

CVE-2013-5917

SQL Injection
A03-Injection
41.31%V3
Network
2013-09-23
10h00 +00:00
2024-09-16
20h36 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 28485

Publication date : 2013-09-22 22h00 +00:00
Author : Alexandro Silva
EDB Verified : No

[ NOSpamPTI Wordpress plugin Blind SQL Injection ] [ Vendor product description ] NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira <a href="http://bit.ly/d38gB8" rel="nofollow">http://bit.ly/d38gB8</a>, but some themes do not support changes to the functions.php to this we alter this function and available as a plugin. Make good use of this plugin and forget all the Spam. [ Bug Description ] NOSpamPTI contains a flaw that may allow an attacker to carry out a Blind SQL injection attack. The issue is due to the wp-comments-post.php script not properly sanitizing the comment_post_ID in POST data. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. [ History ] Advisory sent to vendor on 09/09/2013 Vendor reply 09/20/2013. According the vendor, the plugin was deprecated. [ Impact ] HIGH [ Afected Version ] 2.1 [ CVE Reference] CVE-2013-5917 [ POC ] Payload: POST /wordpress/wp-comments-post.php author=1&challenge=1&challenge_hash=e4da3b7fbbce2345d7772b0674a318d5&comment=1&comment_parent=0&comment_post_ID=1 AND SLEEP(5)&[email protected]&submit=Post Comment&url=1 [ Vulnerable code ] $post_id = $_POST['comment_post_ID']; load_plugin_textdomain('nospampti', WP_PLUGIN_URL.'/nospampti/languages/', 'nospampti/languages/'); if ($hash != $challenge) { $wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_ID = {$comment_id}"); $count = $wpdb->get_var("select count(*) from $wpdb->comments where comment_post_id = {$post_id} and comment_approved = '1'"); [ Reference ] [1] No SpamPTI SVN repository - http://plugins.svn.wordpress.org/nospampti/trunk/nospampti.php [2] Owasp - https://owasp.org/index.php/SQL_Injection [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ -------------------------------------------- iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos

Products Mentioned

Configuraton 0

Rodrigo_coimbra>>Nospam_pti >> Version 2.1

Wordpress>>Wordpress >> Version -

References