SQL Injection Vulnerability in WP Symposium Plugin for WordPress
CVE-2015-3325
Currently unrated
Summary
The WP Symposium plugin for WordPress suffers from an SQL injection vulnerability in the forum.php file. This flaw allows remote attackers to send malicious SQL queries through the 'show' parameter in the QUERY_STRING of the default URI, enabling unauthorized access and manipulation of the database. Attackers can exploit this vulnerability to execute arbitrary SQL commands, potentially compromising sensitive data and the overall security of affected WordPress installations.
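A detection sketch for the condition described above, added here as an example and not taken from the plugin or the advisory: it scans web access logs for requests whose 'show' query parameter decodes to anything other than a plain number. It assumes that legitimate 'show' values are decimal ids and that logs are in combined format; the log lines, addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses, paths and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2015:10:00:01 +0000] "GET /?show=42 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Apr/2015:10:00:07 +0000] "GET /?show=42%20AND%201%3D1 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Apr/2015:10:00:09 +0000] "GET /forum/?page=2&show=7%27 HTTP/1.1" 500 310
198.51.100.2 - - [10/Apr/2015:10:01:00 +0000] "GET /about/?ref=show HTTP/1.1" 200 900
198.51.100.7 - - [10/Apr/2015:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1200
"""

# Client address, request target and status code from a combined-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Assumption: a legitimate 'show' value is a short decimal id.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_show_requests(log_text):
    """Return (client_ip, decoded_show_value, status) for non-numeric 'show' values."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        query = urlsplit(target).query
        # parse_qs percent-decodes values, so encoded quotes and spaces are
        # compared in decoded form; keep_blank_values inspects "show=" too.
        for value in parse_qs(query, keep_blank_values=True).get("show", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((ip, value, status))
    return hits


if __name__ == "__main__":
    for ip, value, status in suspicious_show_requests(SAMPLE_LOG):
        print(f"{ip} status={status} show={value!r}")
```

A 5xx status next to a flagged value is worth prioritising during triage, since it can indicate the value reached the database layer and broke a query.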
References
Timeline
Vulnerability published
Vulnerability reserved