CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2014-4939 – ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2014-4939
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin ENL Newsletter (enl-newsletter) 1.0.1 para WordPress permite a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id en la página enl-add-new en wp-admin/admin.php. • https://www.exploit-db.com/exploits/39253 http://codevigilant.com/disclosure/wp-plugin-enl-newsletter-a1-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •