CVE-2014-5185

{"id": "CVE-2014-5185", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-06T19:55:04.400", "references": [{"url": "http://codevigilant.com/disclosure/wp-plugin-quartz-a1-injection", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el plugin Quartz 1.01.1 para WordPress permite a usuarios remotos autenticados con los privilegios de colaborador ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro quote en una acci\u00f3n edit en la p\u00e1gina quartz/quote_form.php en wp-admin/edit.php."}], "lastModified": "2014-08-07T13:14:16.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quartz_plugin_project:quartz_plugin:1.01.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9FBF8054-5CD9-40A9-ACA0-7FB0DABEE1DD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}