CVE-2015-7791 Information

Description

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

http://jvn.jp/en/jp/JVN43344629/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000200
http://www.securityfocus.com/bid/79647
http://www.welcart.com/community/archives/76035
https://wpvulndb.com/vulnerabilities/8356

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.3

Base Severity

MEDIUM
