Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4748. PoCs published by Manh Luat.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the WordPress plugin My Category Order <= 2.8. The vulnerability arises from improper sanitization of the 'parentID' parameter, allowing an attacker to inject malicious SQL queries.
Description
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in the WordPress plugin My Category Order <= 2.8. The vulnerability arises from improper sanitization of the 'parentID' parameter, allowing an attacker to inject malicious SQL queries.