Vulnerability Description
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sympies | Wordpress Survey And Poll | 1.1.7 |
Related Weaknesses (CWE)
References
- http://osvdb.org/show/osvdb/118218
- http://packetstormsecurity.com/files/130381/WordPress-Survey-And-Poll-1.1.7-Blin (Exploit)
- http://www.exploit-db.com/exploits/36054 (Exploit)
- http://www.securityfocus.com/bid/74890
- https://wordpress.org/plugins/wp-survey-and-poll/changelog/
FAQ
What is CVE-2015-2090?
CVE-2015-2090 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the su...
How severe is CVE-2015-2090?
CVE-2015-2090 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-2090?
Check the references section above for vendor advisories and patch information. Affected products include: Sympies Wordpress Survey And Poll.