CVE-2013-0735

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mingle-forum
Vendor: CVE Published:; 2 April 2014

Summary

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.

References

http://secunia.com/advisories/52167

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/90434

vdb-entryx_refsource_OSVDB

http://secunia.com/secunia_research/2013-4

x_refsource_MISC

Timeline

Vulnerability published
Apr 2, 2014
Vulnerability Reserved
Jan 2, 2013