CVE-2015-5308

Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
wp-championship_projectwp-championship
5.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.vapid.dhs.org/advisory.php?v=155
https://wpvulndb.com/vulnerabilities/8221
http://www.vapid.dhs.org/advisory.php?v=155
https://wpvulndb.com/vulnerabilities/8221