ID de Prueba:	1.3.6.1.4.1.25623.1.0.804511
Categoría:	Web application abuses
Título:	WordPress AdRotate Plugin 'clicktracker.php' SQL Injection Vulnerability
Resumen:	WordPress AdRotate Plugin is prone to an SQL injection (SQLi) vulnerability.
Descripción:	Summary: WordPress AdRotate Plugin is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: Flaw is due to the library/clicktracker.php script not properly sanitizing user-supplied input to the 'track' parameter. Vulnerability Impact: Successful exploitation will allow attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: WordPress AdRotate Pro plugin version 3.9 through 3.9.5 and AdRotate Free plugin version 3.9 through 3.9.4 Solution: Upgrade AdRotate Pro to version 3.9.6 or higher and AdRotate Free to version 3.9.5 or higher. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1854 BugTraq ID: 65709 http://www.securityfocus.com/bid/65709 Bugtraq: 20140220 SQL Injection in AdRotate (Google Search) http://www.securityfocus.com/archive/1/531176/100/0/threaded http://www.exploit-db.com/exploits/31834 https://www.htbridge.com/advisory/HTB23201 http://secunia.com/advisories/57079 XForce ISS Database: adrotate-track-sql-injection(91253) https://exchange.xforce.ibmcloud.com/vulnerabilities/91253
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.