SQL Injection Vulnerabilities in Wikidforum 2.10 by Wikidforum
CVE-2012-6520

Currently unrated

Key Information:

Vendor: Wikidforum
Status: Wikidforum
Vendor: CVE Published:; 24 January 2013

What is CVE-2012-6520?

Wikidforum 2.10 contains multiple SQL injection vulnerabilities that can be exploited by remote attackers. Specifically, the vulnerabilities arise from improper handling of user-supplied input in the advanced search feature, affecting the 'select_sort' and 'opt_search_select' parameters. By manipulating these parameters, an attacker may execute arbitrary SQL commands, potentially compromising the integrity of the database. While it is crucial to address these vulnerabilities promptly, attempts to reproduce the issue have been inconclusive.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/73980

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2012/04/13/4

mailing-listx_refsource_MLIST

http://archives.neohapsis.com/archives/bugtraq/2012-03/00...

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2013
Vulnerability Reserved
Jan 23, 2013

CVE-2012-6520 Data

JSON