PT-2008-2020 · WordPress · Forumwp
Refresh
+2
·
Published
2008-01-23
·
Updated
2017-09-29
·
CVE-2008-0388
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WP-Forum plugin for WordPress version 1.7.4
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
user parameter in a showprofile action to the default URI.Recommendations
For WP-Forum plugin for WordPress version 1.7.4, consider updating to a newer version that addresses this issue, as using the
user parameter in the affected API endpoint can pose a significant risk. As a temporary workaround, restrict access to the showprofile action to minimize the risk of exploitation.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forumwp