CVE-2014-7959 : SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof S

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.

Published 2014-11-06 15:55:09

Updated 2021-12-15 21:02:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Products affected by CVE-2014-7959

Ait-pro » Bulletproof Security » Version: .45.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .44 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .44.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .51 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .50 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .45.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.3 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.1 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.2 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .46.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.8 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .47.9 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.6 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .48.7 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.4 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:*
Matching versions
Ait-pro » Bulletproof Security » Version: .49.5 For Wordpress
cpe:2.3:a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-7959

EPSS FAQ

0.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-7959

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-7959

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-7959

http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html

WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/70918

WordPress BulletProof Security Plugin 'bpsunlock.php' SQL Injection Vulnerability
Third Party Advisory;VDB Entry
https://wordpress.org/plugins/bulletproof-security/changelog/

BulletProof Security – WordPress plugin | WordPress.org
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/533904/100/0/threaded

SecurityFocus
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-7959

Products affected by CVE-2014-7959

Exploit prediction scoring system (EPSS) score for CVE-2014-7959

CVSS scores for CVE-2014-7959

CWE ids for CVE-2014-7959

References for CVE-2014-7959