CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
42.7%
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
Vendor | Product | Version | CPE |
---|---|---|---|
cartpauj | mingle-forum | * | cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.00 | cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.01 | cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.02 | cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.03 | cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.04 | cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.05 | cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.06 | cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.07 | cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.08 | cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:* |