Vulnerabilities > CVE-2014-8749 - Unspecified vulnerability in Ait-Pro Bulletproof Security
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
Vulnerable Configurations
Packetstorm
| data source | https://packetstormsecurity.com/files/download/128977/wpbulletproofsecurity-ssrfxsssql.txt |
| id | PACKETSTORM:128977 |
| last seen | 2016-12-05 |
| published | 2014-11-05 |
| reporter | Pietro Oliva |
| source | https://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html |
| title | WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF |