WP Business Intelligence Lite < 1.6.3 – SQL Injection | CVE 2015-9326

Affects Plugins

wp-business-intelligence

Fixed in 1.6.3

wp-business-intelligence-lite

Fixed in 1.6.3

References

CVE

CVE-2015-9326

URL

https://packetstormsecurity.com/files/#131228/

URL

https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_business_intelligent_sqli_scanner.rb

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

CVSS

9.8 (critical)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

60bfaa38-270f-44c7-ae7c-8ed30fd71673

Timeline

Publicly Published

2015-04-01 (about 11 years ago)

Added

2015-04-01 (about 11 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-07-11

Title

Form Vibes < 1.4.11 - Authenticated (Subscriber+) SQL Injection via fv_export_data

Published

2024-03-26

Title

Church Admin < 4.0.28 - Authenticated (Contributor+) SQL Injection

Published

2025-01-15

Title

Passwords Manager < 1.5.1 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

Published

2023-10-13

Title

Accessibility Suite by Online ADA < 4.13 - Subscriber+ SQLi

Published

2026-03-03

Title

JS Help Desk < 2.8.3 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie