SQL Injection Vulnerability in Z-Vote
Advisory ID: | HTB22839 |
Product: | Z-Vote |
Vendor: | 140hours |
Vulnerable Versions: | 1.1 and probably prior |
Tested Version: | 1.1 |
Advisory Publication: | February 8, 2011 [without technical details] |
Vendor Notification: | February 8, 2011 |
Public Disclosure: | February 22, 2011 |
Vulnerability Type: | SQL Injection [CWE-89] |
Risk Level: | High |
CVSSv2 Base Score: | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Z-Vote WordPress plugin which could be exploited to perform SQL injection attacks. | |
Solution: | |
Currently we are not aware of any vendor-supplied patches or other solutions. The vendor was contacted in accordance to our Vendor Notification Policy but we didn't get any answer or feedback. | |
References: | |
[1] High-Tech Bridge Advisory HTB22839 - https://www.immuniweb.com/advisory/HTB22839 - SQL Injection Vulnerability in Z-Vote [2] Z-Vote- Z-Vote is a WordPress plugin for creating polls. [3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.