CVE-2014-5185
Published Aug 6, 2014
Last updated 10 years ago
Overview
- Description
- SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quartz_plugin_project:quartz_plugin:1.01.1:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "9FBF8054-5CD9-40A9-ACA0-7FB0DABEE1DD"
}
],
"operator": "OR"
}
]
}
]