CVE-2011-4803

Description

SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected products

• bravenewcode / wptouch1.0 – 1.0
• bravenewcode / wptouch1.1 – 1.1
• bravenewcode / wptouch1.2 – 1.2
• bravenewcode / wptouch1.3.5 – 1.3.5
• bravenewcode / wptouch1.4 – 1.4
• bravenewcode / wptouch1.5 – 1.5
• bravenewcode / wptouch1.6 – 1.6
• bravenewcode / wptouch1.7.5 – 1.7.5
• bravenewcode / wptouch1.8.9.1 – 1.8.9.1
• bravenewcode / wptouch1.8.9.3 – 1.8.9.3
• bravenewcode / wptouch1.9 – 1.9
• bravenewcode / wptouch1.9.1 – 1.9.1
• bravenewcode / wptouch1.9.5 – 1.9.5
• bravenewcode / wptouch1.9.6 – 1.9.6
• bravenewcode / wptouch1.9.7.6 – 1.9.7.6
• bravenewcode / wptouch1.9.7.7 – 1.9.7.7
• bravenewcode / wptouch1.9.8 – 1.9.8
• bravenewcode / wptouch1.9.8.1 – 1.9.8.1
• bravenewcode / wptouch1.9.8.2 – 1.9.8.2
• bravenewcode / wptouch1.9.8.3 – 1.9.8.3
• bravenewcode / wptouch1.9.9 – 1.9.9
• bravenewcode / wptouch1.9.9.1 – 1.9.9.1
• bravenewcode / wptouch1.9.9.2 – 1.9.9.2
• bravenewcode / wptouch1.9.9.3 – 1.9.9.3
• bravenewcode / wptouch1.9.9.4 – 1.9.9.4
• bravenewcode / wptouch1.9.9.5 – 1.9.9.5
• bravenewcode / wptouch1.9.9.6 – 1.9.9.6
• bravenewcode / wptouch1.9.9.7 – 1.9.9.7
• bravenewcode / wptouch1.9.9.8 – 1.9.9.8
• bravenewcode / wptouch1.9.10 – 1.9.10
• bravenewcode / wptouch1.9.11 – 1.9.11
• bravenewcode / wptouch1.9.12 – 1.9.12
• bravenewcode / wptouch1.9.13 – 1.9.13
• bravenewcode / wptouch1.9.14 – 1.9.14
• bravenewcode / wptouch1.9.15 – 1.9.15
• bravenewcode / wptouch1.9.16 – 1.9.16
• bravenewcode / wptouch1.9.17 – 1.9.17
• bravenewcode / wptouch1.9.18 – 1.9.18
• bravenewcode / wptouch1.9.19 – 1.9.19
• bravenewcode / wptouch1.9.19.1 – 1.9.19.1
• bravenewcode / wptouch1.9.19.2 – 1.9.19.2
• bravenewcode / wptouch1.9.19.3 – 1.9.19.3
• bravenewcode / wptouch1.9.19.4 – 1.9.19.4
• bravenewcode / wptouch1.9.19.5 – 1.9.19.5
• bravenewcode / wptouch1.9.20 – 1.9.20
• bravenewcode / wptouch1.9.21 – 1.9.21
• bravenewcode / wptouch1.9.21.1 – 1.9.21.1
• bravenewcode / wptouch1.9.22 – 1.9.22
• bravenewcode / wptouch1.9.22.1 – 1.9.22.1
• bravenewcode / wptouch1.9.23 – 1.9.23
• bravenewcode / wptouch1.9.24 – 1.9.24
• bravenewcode / wptouch1.9.25 – 1.9.25
• bravenewcode / wptouch1.9.26 – 1.9.26

References

• EXPLOIThttp://www.exploit-db.com/exploits/18039