CVE-2018-18075

Name of the Vulnerable Software and Affected Versions WikidForum version 2.20

Description The issue concerns SQL Injection, which can be exploited through specific parameters in the software. The vulnerable parameters include parent post id and num records in the 'rpc.php' endpoint, as well as the select sort parameter in the 'index.php?action=search' endpoint.

Recommendations For WikidForum version 2.20, consider restricting access to the rpc.php and index.php endpoints until a patch is available. As a temporary workaround, avoid using the parent post id, num records, and select sort parameters in the affected endpoints to minimize the risk of exploitation.