CVE-2014-3961 Information

Description

SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an \output CSV\ action to pdb-signup/.

Reference

http://osvdb.org/show/osvdb/107626 http://packetstormsecurity.com/files/126878/WordPress-Participants-Database-1.5.4.8-SQL-Injection.html http://seclists.org/fulldisclosure/2014/Jun/0 http://www.exploit-db.com/exploits/33613 http://www.securityfocus.com/bid/67769 https://wordpress.org/plugins/participants-database/changelog https://www.yarubo.com/advisories/1