1 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 5

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter. Vulnerabilidad de inyección SQL en settings.php del plugin Web Dorado Spider Video Player v2.1 para Drupal permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "theme". • https://www.exploit-db.com/exploits/38458 http://osvdb.org/92264 http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html http://packetstormsecurity.com/files/128851/WordPress-HTML5-Flash-Player-SQL-Injection.html http://www.securityfocus.com/bid/59021 http://www.securityfocus.com/bid/70763 https://exchange.xforce.ibmcloud.com/vulnerabilities/83374 https://exchange.xforce.ibmcloud.com/vulnerabilities/98332 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •