WordPress HD Webplayer 1.1 SQL Injection

Posted on September 4, 2012 by Steve

Application : WordPress HD Webplayer
Versions Affected: < 1.1
Exploit : SQL Injection
Threat Level: Low
Fix: Unknown
Credit: Joinse7en
External Website: http://www.hdwebplayer.com

What does it mean, do I have to do anything, if so what?

HD Webplayer is a WordPress video player plugin.  A malicious user could inject SQL commands to insert data into the MySQL database which could cause the system to fill up.  The threat is fairly low but it is always worth keeping uptodate.  Follow the instructions on the plugin website.

What happens if I leave it?

A malicious user can only insert data, therefore there is a possibility of the MySQL partition becoming full which would in turn crash MySQL and possibly the server.

Post to Digg Digg This Post Post to Reddit Post to Reddit Post to StumbleUpon Stumble This Post Post to Technorati Post to Technorati

This entry was posted in Managed Hosting, Web Security. Bookmark the permalink.

Comments are closed.