Vulnerability Name: CVE-2014-7959 (CCN-98506)

Assigned: 2014-11-05
Published: 2014-11-05
Updated: 2021-12-15
Summary: SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low

CVSS v2 Severity: 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
7.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial

Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:

Source: CCN
Type: BugTraq Mailing List, Wed Nov 05 2014 - 05:30:29 CST
Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: MITRE
Type: CNA
CVE-2014-7959

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/128977/WordPress-Bulletproof-Security-.51-XSS-SQL-Injection-SSRF.html

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20141105 Wordpress bulletproof-security <=.51 multiple vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
70918

Source: CCN
Type: BID-70918
WordPress BulletProof Security Plugin 'bpsunlock.php' SQL Injection Vulnerability

Source: XF
Type: UNKNOWN
wp-bulletproof-cve20147959-sql-injection(98506)

Source: CCN
Type: Packet Storm Security [11-05-2014]
WordPress Bulletproof-Security .51 XSS / SQL Injection / SSRF

Source: CCN
Type: WordPress Plugin Directory
BulletProof Security

Source: CONFIRM
Type: Patch, Vendor Advisory
https://wordpress.org/plugins/bulletproof-security/changelog/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-7959

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:ait-pro:bulletproof_security:.45.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.44:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.44.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.3:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.51:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.2:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.46.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.8:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.47.9:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.6:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.48.7:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.4:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.49.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.45.1:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.5:*:*:*:*:wordpress:*:*
  • OR cpe:/a:ait-pro:bulletproof_security:.50.6:*:*:*:*:wordpress:*:*

Configuration CCN 1:
  • cpe:/a:wordpress:wordpress:-:*:*:*:*:*:*:*
