CVE-2013-5917 : Détail

CVE-2013-5917

SQL Injection
A03-Injection
41.31%V3
Network
2013-09-23
10h00 +00:00
2024-09-16
20h36 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 28485

Date de publication : 2013-09-22 22h00 +00:00
Auteur : Alexandro Silva
EDB Vérifié : No

[ NOSpamPTI Wordpress plugin Blind SQL Injection ] [ Vendor product description ] NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira <a href="http://bit.ly/d38gB8" rel="nofollow">http://bit.ly/d38gB8</a>, but some themes do not support changes to the functions.php to this we alter this function and available as a plugin. Make good use of this plugin and forget all the Spam. [ Bug Description ] NOSpamPTI contains a flaw that may allow an attacker to carry out a Blind SQL injection attack. The issue is due to the wp-comments-post.php script not properly sanitizing the comment_post_ID in POST data. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. [ History ] Advisory sent to vendor on 09/09/2013 Vendor reply 09/20/2013. According the vendor, the plugin was deprecated. [ Impact ] HIGH [ Afected Version ] 2.1 [ CVE Reference] CVE-2013-5917 [ POC ] Payload: POST /wordpress/wp-comments-post.php author=1&challenge=1&challenge_hash=e4da3b7fbbce2345d7772b0674a318d5&comment=1&comment_parent=0&comment_post_ID=1 AND SLEEP(5)&email=sample@email.tst&submit=Post Comment&url=1 [ Vulnerable code ] $post_id = $_POST['comment_post_ID']; load_plugin_textdomain('nospampti', WP_PLUGIN_URL.'/nospampti/languages/', 'nospampti/languages/'); if ($hash != $challenge) { $wpdb->query("DELETE FROM {$wpdb->comments} WHERE comment_ID = {$comment_id}"); $count = $wpdb->get_var("select count(*) from $wpdb->comments where comment_post_id = {$post_id} and comment_approved = '1'"); [ Reference ] [1] No SpamPTI SVN repository - http://plugins.svn.wordpress.org/nospampti/trunk/nospampti.php [2] Owasp - https://owasp.org/index.php/SQL_Injection [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ -------------------------------------------- iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos

Products Mentioned

Configuraton 0

Rodrigo_coimbra>>Nospam_pti >> Version 2.1

Wordpress>>Wordpress >> Version -

Références