CVE-2014-1854 Information

Description

SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

Reference

http://secunia.com/advisories/57079 http://www.adrotateplugin.com/2014/01/adrotate-pro-3-9-6-and-adrotate-free-3-9-5 http://www.exploit-db.com/exploits/31834 http://www.securityfocus.com/archive/1/531176/100/0/threaded http://www.securityfocus.com/bid/65709 https://exchange.xforce.ibmcloud.com/vulnerabilities/91253 https://www.htbridge.com/advisory/HTB23201