CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-4064

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile24.83th
Published2015年5月27日
Last Modified2026年5月6日

Vulnerability Description

SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.

Affected Platforms (CPE)

📦
Landing Pages Project

Landing Pages

<= 1.8.4

References & Advisories

🔗 http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
🔗 http://www.securityfocus.com/bid/74777
🔗 https://wordpress.org/plugins/landing-pages/changelog/
🔗 https://www.exploit-db.com/exploits/37108/
🔗 http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
🔗 http://www.securityfocus.com/bid/74777
🔗 https://wordpress.org/plugins/landing-pages/changelog/
🔗 https://www.exploit-db.com/exploits/37108/

相关漏洞威胁

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2019-130477.8

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allo...

CVE-2013-62437.5

SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers ...

CVE-2021-472777.1

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslo...