Fortinet Discovers WordPress FV Flowplayer Video Player SQL Injection Vulnerability
Fortinet's FortiGuard Labs has discovered a SQL injection vulnerability in the FolioVision FV Flowplayer Video Player plugin for WordPress.
FV Player is a free, easy-to-use, and complete solution for embedding FLV or MP4 videos into your posts or pages. With MP4 videos, FV Player offers 98% coverage even on mobile devices.
A SQL injection vulnerability exists in the FV Flowplayer Video Player plugin through 188.8.131.527 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Users should apply the patch provided by FolioVision.
Fortinet reported the vulnerability to FolioVision on 11 July, 2019.
FolioVision confirmed the vulnerability on 12 July, 2019.
FolioVision released a patch for the vulnerability on 12 July, 2019.
This vulnerability was discovered by Tin Duong of Fortinet's FortiGuard Labs.