Vulnerability Description
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adrotateplugin | Adrotate | <= 3.6.7 |
| Wordpress | Wordpress | All versions |
Related Weaknesses (CWE)
References
- http://downloads.wordpress.org/plugin/adrotate.3.6.8.zipPatch
- http://secunia.com/advisories/46814
- http://unconciousmind.blogspot.com/2011/11/wordpress-adrotate-plugin-366-sql.htmExploit
- http://www.exploit-db.com/exploits/18114Exploit
- http://www.securityfocus.com/bid/50674
- http://downloads.wordpress.org/plugin/adrotate.3.6.8.zipPatch
- http://secunia.com/advisories/46814
- http://unconciousmind.blogspot.com/2011/11/wordpress-adrotate-plugin-366-sql.htmExploit
- http://www.exploit-db.com/exploits/18114Exploit
- http://www.securityfocus.com/bid/50674
FAQ
What is CVE-2011-4671?
CVE-2011-4671 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the ...
How severe is CVE-2011-4671?
CVE-2011-4671 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4671?
Check the references section above for vendor advisories and patch information. Affected products include: Adrotateplugin Adrotate, Wordpress Wordpress.