CVE-2011-4671 Information

Description

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6 and other versions before 3.6.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Reference

http://downloads.wordpress.org/plugin/adrotate.3.6.8.zip http://secunia.com/advisories/46814 http://unconciousmind.blogspot.com/2011/11/wordpress-adrotate-plugin-366-sql.html http://www.exploit-db.com/exploits/18114 http://www.securityfocus.com/bid/50674