WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities


 

Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.2

Tested Version: v1.6.2

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Advisory Details:

(1) Vendor & Product Description:

Vendor:

WooThemes

 

Product & Version:

WordPress Daily Edition Theme

v1.6.2

 

Vendor URL & Download:

The WordPress Daily Edition Theme can be obtained from:

http://www.woothemes.com/products/daily-edition/

 

Product Introduction:

“The Daily Edition WordPress Theme was developed by the WooThemes team. Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique JavaScript-based featured scroller and video player, the theme oozes sophistication”

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the theme's appearance and functions flexible. From the Daily Edition 3 option pages you can, for example, add your Twitter and Google Analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management.”

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat JavaScript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A JavaScript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!”

 

 

(2) Vulnerability Details:

The WordPress Daily Edition Theme contains an SQL injection vulnerability (CWE-89): a request parameter reaches a database query without being neutralized. A remote, unauthenticated attacker can inject into or manipulate the SQL queries sent to the back-end database, allowing disclosure or modification of arbitrary data, which matches the CVSS vector above (network, low complexity, no authentication, partial C/I/A).

(2.1) The flaw is in the “fiche-disque.php” page, in the “id” request parameter (e.g. fiche-disque.php?id=...), which is used to build an SQL query.
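The advisory does not show the theme's query, so the following is an added illustration of the CWE-89 pattern it describes, not code from the Daily Edition theme or from the advisory's author. It assumes a hypothetical “disques” table with a constructed sample data set, and contrasts a query that splices the “id” parameter into the SQL text with one that validates the type and binds the value; a boolean-based probe (“1 AND 1=1” versus “1 AND 1=2”, the same check a tester would send to the real parameter) distinguishes the two. It uses SQLite in memory so it runs offline.

```python
import sqlite3

# Constructed sample data. The table and column names are assumptions that
# stand in for whatever fiche-disque.php actually queries; the advisory does
# not show the real schema.
SAMPLE_ROWS = [
    (1, "Kind of Blue", "public"),
    (2, "A Love Supreme", "public"),
    (3, "Unreleased demo", "private"),
]


def make_db():
    """Create an in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE disques (id INTEGER PRIMARY KEY, title TEXT, visibility TEXT)"
    )
    conn.executemany("INSERT INTO disques VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def fetch_vulnerable(conn, id_param):
    """CWE-89 pattern: the raw request parameter becomes part of the SQL text.

    A payload such as "1 OR 1=1 --" turns the WHERE clause into a tautology and
    comments out the visibility filter, so private rows are returned too.
    """
    sql = (
        "SELECT id, title FROM disques WHERE id = "
        + id_param
        + " AND visibility = 'public'"
    )
    return conn.execute(sql).fetchall()


def fetch_hardened(conn, id_param):
    """Validate the parameter as an integer, then bind it as a query parameter.

    The database driver never sees the attacker's text as SQL; in a WordPress
    theme the equivalent is $wpdb->prepare() with a %d placeholder (or absint()
    on the parameter) instead of string concatenation.
    """
    try:
        disc_id = int(id_param)
    except ValueError:
        return []  # not a valid identifier; reject rather than query
    sql = "SELECT id, title FROM disques WHERE id = ? AND visibility = 'public'"
    return conn.execute(sql, (disc_id,)).fetchall()


def looks_injectable(conn, fetch):
    """Boolean-based probe: if a true and a false appended condition change the
    result set, the parameter is being evaluated as SQL.
    """
    with_true = fetch(conn, "1 AND 1=1")
    with_false = fetch(conn, "1 AND 1=2")
    return with_true != with_false


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:            ", fetch_vulnerable(db, "1"))
    print("vulnerable, id=1 OR 1=1 --:  ", fetch_vulnerable(db, "1 OR 1=1 --"))
    print("hardened,   id=1:            ", fetch_hardened(db, "1"))
    print("hardened,   id=1 OR 1=1 --:  ", fetch_hardened(db, "1 OR 1=1 --"))
    print("probe says vulnerable version injectable:", looks_injectable(db, fetch_vulnerable))
    print("probe says hardened version injectable:  ", looks_injectable(db, fetch_hardened))
```

The probe is the check to run before reporting: a fixed version should give identical responses for the two conditions, while a page that is still concatenating the parameter will differ (here, one row versus none). Note that casting to int is the right fix only because the parameter is a numeric identifier; for string parameters the parameter binding alone is what neutralizes the input.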

 

 

 

 

References:

http://www.tetraph.com/security/sql-injection-vulnerability/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-sql.html

http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://seclists.org/fulldisclosure/2015/Mar/27

http://packetstormsecurity.com/files/130075/SmartCMS-2-SQL-Injection.html
