CVE-2014-8749 - Unspecified vulnerability in Ait-Pro Bulletproof Security
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.
CWE-918: Server-Side Request Forgery (SSRF) (http://cwe.mitre.org/data/definitions/918.html)
Vulnerable Configurations
Packetstorm
data source | https://packetstormsecurity.com/files/download/128977/wpbulletproofsecurity-ssrfxsssql.txt |
id | PACKETSTORM:128977 |
last seen | 2016-12-05 |
published | 2014-11-05 |
reporter | Pietro Oliva |
source | https://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html |
title | WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF |