mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-30 09:00:49 +02:00
789 B
789 B
CVE-2014-5182
Description
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
POC
Reference
No PoCs from references.