From c37cae1a2099823a0e90edd73ea0668dd9a2a400 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Mon, 13 Mar 2023 12:10:10 -0400 Subject: [PATCH] Enhancement: cves/2015/CVE-2015-4062.yaml by md --- cves/2015/CVE-2015-4062.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cves/2015/CVE-2015-4062.yaml b/cves/2015/CVE-2015-4062.yaml index 99f4b05cd3..cee31468be 100644 --- a/cves/2015/CVE-2015-4062.yaml +++ b/cves/2015/CVE-2015-4062.yaml @@ -1,18 +1,18 @@ id: CVE-2015-4062 info: - name: NewStatPress 0.9.8 - SQL Injection + name: WordPress NewStatPress 0.9.8 - SQL Injection author: r3Y3r53 severity: critical description: | - The NewStatPress WordPress plugin was affected by SQL Injection security vulnerability. + WordPress NewStatPress plugin 0.9.8 contains a SQL injection vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. reference: - https://packetstormsecurity.com/files/132038/ - - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - https://wordpress.org/plugins/newstatpress - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html + - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 remediation: | - Update to plugin version 0.9.9 or latest + Update to plugin version 0.9.9 or latest. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -43,3 +43,5 @@ requests: - 'status_code == 200' - 'contains(body_2, "newstatpress_page_nsp_search")' condition: and + +# Enhanced by md on 2023/03/13