Vulnerabilities > CVE-2014-8749 - Unspecified vulnerability in Ait-Pro Bulletproof Security

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ait-pro

NVD

Published: 2014-12-01

Updated: 2014-12-01

Summary

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter. <a href="http://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>

Vulnerable Configurations

Part	Description	Count
Application	Ait-Pro AIT PRO Bulletproof Security .44 AIT PRO Bulletproof Security .44.1 AIT PRO Bulletproof Security .45 AIT PRO Bulletproof Security .45.1 AIT PRO Bulletproof Security .45.2 AIT PRO Bulletproof Security .45.3 AIT PRO Bulletproof Security .45.4 AIT PRO Bulletproof Security .45.5 AIT PRO Bulletproof Security .45.6 AIT PRO Bulletproof Security .45.7 AIT PRO Bulletproof Security .45.8 AIT PRO Bulletproof Security .45.9 AIT PRO Bulletproof Security .46 AIT PRO Bulletproof Security .46.1 AIT PRO Bulletproof Security .46.2 AIT PRO Bulletproof Security .46.3 AIT PRO Bulletproof Security .46.4 AIT PRO Bulletproof Security .46.5 AIT PRO Bulletproof Security .46.6 AIT PRO Bulletproof Security .46.7 AIT PRO Bulletproof Security .46.8 AIT PRO Bulletproof Security .46.9 AIT PRO Bulletproof Security .47 AIT PRO Bulletproof Security .47.1 AIT PRO Bulletproof Security .47.2 AIT PRO Bulletproof Security .47.3 AIT PRO Bulletproof Security .47.4 AIT PRO Bulletproof Security .47.5 AIT PRO Bulletproof Security .47.6 AIT PRO Bulletproof Security .47.7 AIT PRO Bulletproof Security .47.8 AIT PRO Bulletproof Security .47.9 AIT PRO Bulletproof Security .48 AIT PRO Bulletproof Security .48.1 AIT PRO Bulletproof Security .48.2 AIT PRO Bulletproof Security .48.3 AIT PRO Bulletproof Security .48.4 AIT PRO Bulletproof Security .48.5 AIT PRO Bulletproof Security .48.6 AIT PRO Bulletproof Security .48.7 AIT PRO Bulletproof Security .48.8 AIT PRO Bulletproof Security .48.9 AIT PRO Bulletproof Security .49 AIT PRO Bulletproof Security .49.1 AIT PRO Bulletproof Security .49.2 AIT PRO Bulletproof Security .49.3 AIT PRO Bulletproof Security .49.4 AIT PRO Bulletproof Security .49.5 AIT PRO Bulletproof Security .49.6 AIT PRO Bulletproof Security .49.7 AIT PRO Bulletproof Security .49.8 AIT PRO Bulletproof Security .49.9 AIT PRO Bulletproof Security .50 AIT PRO Bulletproof Security .50.1 AIT PRO Bulletproof Security .50.2 AIT PRO Bulletproof Security .50.3 AIT PRO Bulletproof Security .50.4 AIT PRO Bulletproof Security .50.5 AIT PRO Bulletproof Security .50.6 AIT PRO Bulletproof Security .50.7 AIT PRO Bulletproof Security .50.8 AIT PRO Bulletproof Security .50.9 AIT PRO Bulletproof Security .51	63

Packetstorm

data source	https://packetstormsecurity.com/files/download/128977/wpbulletproofsecurity-ssrfxsssql.txt
id	PACKETSTORM:128977
last seen	2016-12-05
published	2014-11-05
reporter	Pietro Oliva
source	https://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html
title	WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF

Summary

Vulnerable Configurations

Packetstorm

References