20 Sep 2019

Vulnérabilité CVE-2015-9395 CVE Vulnerability

Publié par . Publié dans SQL Injection

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action. (CVSS:6.5) (Last Update:2019-09-20)

Vulnerability Details :

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.
Publish Date : 2019-09-20 Last Update Date : 2019-09-20

CVSS Score	6.5
Confidentiality Impact	Partial(There is considerable informational disclosure.)
Integrity Impact	Partial(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial(There is reduced performance or interruptions in resource availability.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system(The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)	Sql Injection
CWE ID	89

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Usersultra	Users Ultra Membership	-		~~~wordpress~~		Version Details Vulnerabilities
2	Application	Usersultra	Users Ultra Membership	1.5.63		~~~wordpress~~		Version Details Vulnerabilities