PRIOn knowledge basePRION:CVE-2011-1047

HistoryFeb 21, 2011 - 7:00 p.m.

Sql injection

2011-02-2119:00:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.

CPENameOperatorVersion
forum_servereq1.6.1
forum_servereq1.6.5

CPE	Name	Operator	Version
	forum_server	eq	1.6.1
	forum_server	eq	1.6.5

References

osvdb.org/70993

osvdb.org/70994

secunia.com/advisories/43306

securityreason.com/securityalert/8099

www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html

www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html

www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html

www.securityfocus.com/archive/1/516400/100/0/threaded

www.securityfocus.com/archive/1/516402/100/0/threaded

www.securityfocus.com/bid/46362