st_newsletter SQL Injection
The st_newsletter Plugin is once again vulnerable to SQL Injection.
The hole is located in the page stnl_iframe.php: the parameter newsletter is not correctly sanitised, so the plugin is prone to this attack. We are currently not aware of any fix; in the meantime users should disable the plugin or fix the problem themselves. According to r45c4l, the issue is not limited to one particular version: nearly all previous versions and the current 2.2.81 are vulnerable.
This is considered a HIGH RISK vulnerability.
Credit: The hole was discovered by r45c4l.
More Info: An exploit has been made available on milw0rm
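Until a fix exists, web server access logs can show whether the vulnerable parameter is being probed. The following is an added example, not code from the plugin or from the original post: it scans combined-format log lines for requests to stnl_iframe.php whose newsletter value fails an allow-list. The allow-list (short alphanumeric identifiers), the plugin path and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate `newsletter` values are short identifiers (digits,
# letters, "_" or "-"); anything else is treated as suspicious.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for requests to stnl_iframe.php
    whose `newsletter` parameter fails the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.lower().endswith("/stnl_iframe.php"):
            continue
        # parse_qsl percent-decodes values and turns "+" into a space
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key.lower() == "newsletter" and not SAFE_VALUE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (not real traffic); the plugin path is a placeholder.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /plugins/st_newsletter/stnl_iframe.php?newsletter=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2009:10:00:05 +0000] "GET /plugins/st_newsletter/stnl_iframe.php?newsletter=3%27 HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2009:10:00:09 +0000] "GET /plugins/st_newsletter/stnl_iframe.php?newsletter=3+UNION+SELECT+1 HTTP/1.1" 200 640',
    '198.51.100.7 - - [01/Jan/2009:10:00:12 +0000] "GET /index.php?newsletter=3%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tnewsletter={value!r}")
```

The same allow-list can be enforced in front of the plugin (for example in a web application firewall rule) if disabling it is not an option.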