CVE-2009-4748 Information
Share on:
Feb 14, 2021
cve
Description
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
Reference
http://packetstormsecurity.org/0907-exploits/wpmco-sql.txt http://www.exploit-db.com/exploits/9150 http://www.securityfocus.com/bid/35704 https://exchange.xforce.ibmcloud.com/vulnerabilities/51727