CVE-2015-4614
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference · www.exploit-db.com/exploits/37534/ · unverified
exploitdb · www.exploit-db.com/exploits/37534 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://seclists.org/fulldisclosure/2015/Jul/18
https://plugins.trac.wordpress.org/changeset/1191455/easy2map
https://wordpress.org/plugins/easy2map/changelog/
https://www.exploit-db.com/exploits/37534/
http://www.securityfocus.com/archive/1/535922/100/0/threaded
http://www.vapid.dhs.org/advisory.php?v=131