WP Forum Server "topic" Parameter SQL Injection

Monday, March 7, 2011


WP Forum Server is a plugin for WordPress. The plugin is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Specifically, the application fails to sanitize data supplied to the 'topic' parameter of the '/wp-content/plugins/forum-server/feed.php' script. WP Forum Server version 1.6.5 is affected.

Ref: http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html

11.10.26 - CVE: Not Available
Platform: Web Application - SQL Injection
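
A detection sketch for the issue described above, added here as an example and not part of the original advisory or the plugin's code: it scans web server access log lines for requests to the affected script whose 'topic' value is not a plain integer. The expectation that 'topic' is a numeric ID, the combined log format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name come from the advisory text.
FEED_PATH = "/wp-content/plugins/forum-server/feed.php"
PARAM = "topic"

# Assumption: a legitimate 'topic' value is a short decimal ID.
BENIGN = re.compile(r"[0-9]{1,10}")

# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, invented sizes).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Mar/2011:10:00:01 +0000] "GET /wp-content/plugins/forum-server/feed.php?topic=12 HTTP/1.1" 200 2311',
    '203.0.113.9 - - [07/Mar/2011:10:00:07 +0000] "GET /wp-content/plugins/forum-server/feed.php?topic=12%27 HTTP/1.1" 200 87',
    '203.0.113.9 - - [07/Mar/2011:10:00:09 +0000] "GET /blog/wp-content/plugins/forum-server/feed.php?topic=3%20OR%201%3D1 HTTP/1.1" 200 5120',
    '198.51.100.2 - - [07/Mar/2011:10:01:00 +0000] "GET /index.php?topic=x HTTP/1.1" 200 900',
]


def suspicious_topic_requests(log_lines):
    """Return (line_number, decoded_value) for requests to feed.php whose
    'topic' value is not a plain integer."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith(FEED_PATH):
            continue
        # parse_qs URL-decodes values and keeps repeated parameters,
        # so encoded or duplicated 'topic' values are all inspected.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if not BENIGN.fullmatch(value):
                hits.append((n, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_topic_requests(SAMPLE_LOG):
        print(f"line {line_no}: non-numeric topic value {value!r}")
```

A hit only means the value did not match the assumed numeric form; review the flagged requests and response sizes before drawing conclusions.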
