Multiple SQL injection vulnerabilities in the WP-Forum plugin prior to 2.4 for WordPress allow remote malicious users to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fahlstad wp-forum 1.7.4 |
||
fahlstad wp-forum 2.1 |
||
fahlstad wp-forum 1.6 |
||
fahlstad wp-forum 1.5 |
||
fahlstad wp-forum 1.8 |
||
fahlstad wp-forum |
||
fahlstad wp-forum 1.7.3 |
||
fahlstad wp-forum 1.7 |
||
fahlstad wp-forum 1.7.8 |
||
fahlstad wp-forum 2.0 |