Sign-up

ID

VAR-201709-0786


CVE

CVE-2017-14842


TITLE

WordPress for Mojoomla SMSmaster Multipurpose SMS Gateway In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008457

DESCRIPTION

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. Mojoomla SMSmaster Multipurpose SMS Gateway is one of the multipurpose SMS gateways. A remote attacker can exploit this vulnerability to inject arbitrary SQL commands by using the 'id' parameter

Trust: 1.71

sources: NVD: CVE-2017-14842 // JVNDB: JVNDB-2017-008457 // VULHUB: VHN-105605

AFFECTED PRODUCTS

vendor:dasinfomediamodel:smsmaster multipurpose sms gatewayscope:eqversion: -

Trust: 1.6

vendor:dasinfomediamodel:smsmaster - multipurpose sms gatewayscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-008457 // CNNVD: CNNVD-201709-1266 // NVD: CVE-2017-14842

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14842
value: HIGH

Trust: 1.0

NVD: CVE-2017-14842
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201709-1266
value: MEDIUM

Trust: 0.6

VULHUB: VHN-105605
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14842
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-105605
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-105605 // JVNDB: JVNDB-2017-008457 // CNNVD: CNNVD-201709-1266 // NVD: CVE-2017-14842

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-105605 // JVNDB: JVNDB-2017-008457 // NVD: CVE-2017-14842

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1266

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201709-1266

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008457

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-105605

PATCH
title:SMSmaster - Multipurpose SMS Gatewayurl:https://codecanyon.net/item/smsmaster-multipurpose-sms-gateway-for-wordpress/20605853
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-008457

EXTERNAL IDS
db:NVDid:CVE-2017-14842
Trust: 2.5
db:EXPLOIT-DBid:42798
Trust: 2.5
db:JVNDBid:JVNDB-2017-008457
Trust: 0.8
db:CNNVDid:CNNVD-201709-1266
Trust: 0.7
db:VULHUBid:VHN-105605
Trust: 0.1
sources:
            
            
            VULHUB: VHN-105605 // 
            
            
            
            JVNDB: JVNDB-2017-008457 // 
            
            
            
            CNNVD: CNNVD-201709-1266 // 
            
            
            
            NVD: CVE-2017-14842

REFERENCES
url:https://www.exploit-db.com/exploits/42798/
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14842
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14842
Trust: 0.8
sources:
            
            
            VULHUB: VHN-105605 // 
            
            
            
            JVNDB: JVNDB-2017-008457 // 
            
            
            
            CNNVD: CNNVD-201709-1266 // 
            
            
            
            NVD: CVE-2017-14842

SOURCES
db:VULHUBid:VHN-105605
db:JVNDBid:JVNDB-2017-008457
db:CNNVDid:CNNVD-201709-1266
db:NVDid:CVE-2017-14842

LAST UPDATE DATE
2025-04-20T23:30:52.689000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-105605date:2017-10-05T00:00:00
db:JVNDBid:JVNDB-2017-008457date:2017-10-19T00:00:00
db:CNNVDid:CNNVD-201709-1266date:2017-10-09T00:00:00
db:NVDid:CVE-2017-14842date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-105605date:2017-09-28T00:00:00
db:JVNDBid:JVNDB-2017-008457date:2017-10-19T00:00:00
db:CNNVDid:CNNVD-201709-1266date:2017-09-27T00:00:00
db:NVDid:CVE-2017-14842date:2017-09-28T01:29:02.263