1 results (0.007 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10011 – HD FLV PLayer Plugin functions.php hd_update_media sql injection
https://notcve.org/view.php?id=CVE-2012-10011
12 Jun 2012 — A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. • https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •