CVE-2018-3811

Description

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.

CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2018-3811
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

nvd
CVE ID: CVE-2018-3811
Base Score: 7.5
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:P/I:P/A:P

Proof Of Concept

cved-sources

cve-2018-3811

Refrence: GitHub

Refrence: NVD

Description​

Proof Of Concept​

Description

Proof Of Concept