{"id":10123,"date":"2019-01-02T07:07:31","date_gmt":"2019-01-02T07:07:31","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2019-3494\/"},"modified":"2019-01-02T07:07:31","modified_gmt":"2019-01-02T07:07:31","slug":"cve-2019-3494","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2019-3494\/","title":{"rendered":"CVE-2019-3494"},"content":{"rendered":"
\nCVE-2019-3494 : Simply-Blog through 2019-01-01 has SQL Injection via the admin\/deleteCategories.php delete parameter.<\/title>
<br \/>\n<meta http-equiv=\"Content-Type\" content=\"text\/html; charset=utf-8\"\/>
<br \/>\n<meta name=\"description\" content=\"CVE-2019-3494 : Simply-Blog through 2019-01-01 has SQL Injection via the admin\/deleteCategories.php delete parameter.\"\/>
<br \/>\n<meta name=\"keywords\" content=\"CVE-2019-3494, 201900003494, CWE-0, CVSS 0.0\"\/>
\n<link rel=\"stylesheet\" type=\"text\/css\" href=\"\/cvedetails.css\"\/>
\n<link rel=\"canonical\" href=\"http:\/\/www.cvedetails.com\/cve\/CVE-2019-3494\/\"\/><meta name=\"google-signin-client_id\" content=\"349381870180-eaoug67mdrnbmuink9n43t3b8silo5h0.apps.googleusercontent.com\"\/>
<br \/>\n
<br \/>\n<\/head>
<br \/>\n
<br \/>\n<body id=\"readabilityBody\" readability=\"28.848158443363\">
<\/p>\n<div id=\"topcontainer\" readability=\"6\">\n<div id=\"topleft\"> <a href=\"https:\/\/www.cvedetails.com\/\" title=\"Go to cvedetails.com homepage\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2019\/01\/cve-2019-3494.png\" border=\"0\" alt=\"CVEdetails.com the ultimate security vulnerability data source\" title=\"CVEdetails.com the ultimate security vulnerability data source\"\/><\/a> <\/div>\n<\/p><\/div>\n<p>
<\/p>\n<table id=\"maintable\" readability=\"17.568881685575\">
<\/p>\n<tr>
<\/tr>\n<p>
<\/p>\n<tr readability=\"5.8562938951918\">
<\/p>\n<td valign=\"top\" id=\"mainmenutd\">
<br \/>\n
<br \/>\n
<br \/>\n
<br \/>\n
<\/td>\n<p>
<\/p>\n<td align=\"left\" valign=\"top\">
<\/p>\n<div id=\"contentdiv\">\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"0\" readability=\"2.8811594202899\">\n<tr readability=\"4.5328947368421\">\n<td valign=\"top\" id=\"cvedetails\" readability=\"4.1842105263158\">\n<p> Simply-Blog through 2019-01-01 has SQL Injection via the admin\/deleteCategories.php delete parameter.\t<br \/><span class=\"datenote\"> Publish Date : 2019-01-01\tLast Update Date : 2019-01-01\t<\/span>\n<\/p>\n<p> <!--[if IE]> \n\n<style type=\"text\/css\"> .menubarmain div { left:0; top:1.5em; } <\/style>\n\n <![endif]--> <\/p>\n<h2 onclick=\"pm('cvssscorestable')\"> <span id=\"pm_cvssscorestable\" class=\"pm\">–<\/span> CVSS Scores & Vulnerability Types <\/h2>\n<table readability=\"2\">\n<tr readability=\"4\">\n<td>\n<table id=\"cvssscorestable\" class=\"details\" readability=\"1\">\n<tr>\n<th>CVSS Score<\/th>\n<td>\n<p>0.0<\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Confidentiality Impact<\/th>\n<td>???<\/td>\n<\/tr>\n<tr>\n<th>Integrity Impact<\/th>\n<td>???<\/td>\n<\/tr>\n<tr>\n<th>Availability Impact<\/th>\n<td>???<\/td>\n<\/tr>\n<tr>\n<th>Access Complexity<\/th>\n<td>???<\/td>\n<\/tr>\n<tr>\n<th>Authentication<\/th>\n<td>???<\/td>\n<\/tr>\n<tr>\n<th>Gained Access<\/th>\n<td><span>None<\/span><\/td>\n<\/tr>\n<tr>\n<th>Vulnerability Type(s)<\/th>\n<td> <span class=\"vt_sql\">Sql Injection<\/span> <\/td>\n<\/tr>\n<tr readability=\"2\">\n<th>CWE ID<\/th>\n<td>CWE id is not defined for this vulnerability<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<td> <\/td>\n<\/tr>\n<\/table>\n<h2 onclick=\"pm('vulnprodstable')\"> <span id=\"pm_vulnprodstable\" class=\"pm\">–<\/span> Products Affected By CVE-2019-3494 <\/h2>\n<table class=\"listtable\" id=\"vulnprodstable\" readability=\"2\">\n<tr>\n<th class=\"num\">#<\/th>\n<th>Product Type<\/th>\n<th>Vendor<\/th>\n<th>Product<\/th>\n<th>Version<\/th>\n<th>Update<\/th>\n<th>Edition<\/th>\n<th>Language<\/th>\n<th\/> <\/tr>\n<tr readability=\"6\">\n<td colspan=\"10\" readability=\"7\">\n<p>No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<h2 onclick=\"pm('vulnrefstable')\"> <span id=\"pm_vulnrefstable\" class=\"pm\">–<\/span> References For CVE-2019-3494\t<\/h2>\n<\/td>\n<td valign=\"top\" align=\"left\"> <\/td>\n<\/tr>\n<tr readability=\"2.6687116564417\">\n<td readability=\"3.558282208589\">\n<h2 onclick=\"pm('metasploitmodstable')\"> <span id=\"pm_metasploitmodstable\" class=\"pm\">–<\/span> Metasploit Modules Related To CVE-2019-3494<\/h2>\n<\/td>\n<td> <\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/td>\n<td align=\"left\" valign=\"top\"> <\/td>\n<\/tr>\n<\/table>\n<div class=\"disclaimer\" readability=\"11.704301075269\"> CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is <a href=\"http:\/\/cve.mitre.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">MITRE’s CVE web site<\/a>. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is <a href=\"http:\/\/cwe.mitre.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">MITRE’s CWE web site<\/a>. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is <a href=\"http:\/\/oval.mitre.org\" target=\"_blank\" rel=\"noopener noreferrer\">MITRE’s OVAL web site<\/a>.\n<\/div>\n<p>\nUse of this information constitutes acceptance for use in an AS IS condition.<br \/>\nThere are NO warranties, implied or otherwise, with regard to this information or its use.<br \/>\nAny use of this information is at the user’s risk.<br \/>\nIt is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.<br \/>\nEACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.<br \/>\nALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,<br \/>\nINDIRECT or any other kind of loss.\n<\/p>\n<p> <\/body><br \/>\n\u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646\u06cc \u0648 \u0645\u0634\u0627\u0648\u0631\u0647 – \u062b\u0628\u062a \u062f\u0627\u0645\u0646\u0647<\/p>\n","protected":false},"excerpt":{"rendered":"<p>
CVE-2019-3494 : Simply-Blog through 2019-01-01 has SQL Injection via the admin\/deleteCategories.php delete parameter.
Simply-Blog through 2019-01-01 has SQL Injection via the admin\/deleteCategories.php delete parameter. Publish Date : …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-10123","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/10123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=10123"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/10123\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=10123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=10123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=10123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}