CVE-2015-6522

Wpsymposium WP Symposium < 15.7 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.

Exploits (2)

exploitdb WORKING POC

by PizzaHatHacker · textwebappsphp

https://www.exploit-db.com/exploits/37824

View Code ZIP pw:eip

metasploit WORKING POC

by PizzaHatHacker · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://wpvulndb.com/vulnerabilities/8140

[Exploit] https://www.exploit-db.com/exploits/37824/

Scores

EPSS 0.7982

EPSS Percentile 99.1%

Details

CWE

CWE-89

Status published

Products (1)

wpsymposium/wp_symposium < 15.7

Published Aug 19, 2015

Tracked Since Feb 18, 2026