CVE-2015-6522 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2015-6522?

CVE-2015-6522 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.

Q: How severe is CVE-2015-6522?

CVE-2015-6522 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-6522?

Check the references section above for vendor advisories and patch information. Affected products include: Wpsymposium Wp Symposium.

Vulnerability Description

SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Wpsymposium	Wp Symposium	<= 15.7

Related Weaknesses (CWE)

CWE-89

References

https://wpvulndb.com/vulnerabilities/8140ExploitThird Party Advisory
https://www.exploit-db.com/exploits/37824/Exploit
https://wpvulndb.com/vulnerabilities/8140ExploitThird Party Advisory
https://www.exploit-db.com/exploits/37824/Exploit

FAQ

What is CVE-2015-6522?

CVE-2015-6522 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.

How severe is CVE-2015-6522?

CVE-2015-6522 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6522?

Check the references section above for vendor advisories and patch information. Affected products include: Wpsymposium Wp Symposium.