SQL Injection in HTML5 Video Player WordPress Plugin
Jan. 30, 2024, 7:44 a.m. | Rémy Marot
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered an unauthenticated SQL Injection (SQLi) vulnerability in the HTML5 Video Player WordPress plugin.
The SQLi exists because the 'id' parameter used in the 'get_view' function, which is accessible without authentication, is not validated.
Proof Of Concept:
The vulnerability can be reproduced by performing the following GET HTTP request against a WordPress instance using a vulnerable version of the plugin and noticing the delayed response …
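The root cause named in the advisory (an unvalidated 'id' reaching a query from an unauthenticated code path) is shown below beside its hardened form. This is an added example, not the plugin's code or Tenable's: the table name `example_videos`, the AJAX action `example_get_view`, the function names, and the assumption that the handler is exposed through a `wp_ajax_nopriv_*` hook are all hypothetical.

```php
<?php
// Added illustration; not the plugin's code. Table, action and function
// names are hypothetical. Load as plugin code inside a WordPress site.

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so whatever the client sends becomes part of the statement.
function example_get_view_unsafe() {
    global $wpdb;
    $id  = $_GET['id']; // client-controlled string, never checked
    $sql = "SELECT * FROM {$wpdb->prefix}example_videos WHERE id = $id";
    wp_send_json( $wpdb->get_row( $sql ) );
}

// Hardened pattern: validate the type first, then bind through a placeholder.
function example_get_view_safe() {
    global $wpdb;

    // Accept only a plain string of digits; arrays and empty values fail here.
    $raw = isset( $_GET['id'] ) ? wp_unslash( $_GET['id'] ) : '';
    if ( ! is_string( $raw ) || ! ctype_digit( $raw ) ) {
        wp_send_json_error( array( 'message' => 'Invalid id' ), 400 );
    }
    $id = absint( $raw );

    // %d binds the value as an integer, so it cannot change the query structure.
    $row = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT id, title FROM {$wpdb->prefix}example_videos WHERE id = %d",
            $id
        )
    );

    if ( null === $row ) {
        wp_send_json_error( array( 'message' => 'Not found' ), 404 );
    }
    wp_send_json_success( $row );
}

// wp_ajax_nopriv_* handlers run for logged-out visitors, so every input
// they read must be validated before use. Only the safe handler is registered.
add_action( 'wp_ajax_nopriv_example_get_view', 'example_get_view_safe' );
add_action( 'wp_ajax_example_get_view', 'example_get_view_safe' );
```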