CVE-2015-3325

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Symposium
Vendor: CVE Published:; 15 May 2015

Summary

SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.

References

http://www.securityfocus.com/bid/74237

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/131801/WordPress-WP-...

x_refsource_MISC

https://www.exploit-db.com/exploits/37080/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
May 15, 2015
Vulnerability Reserved
Apr 16, 2015