CVE-2009-3703

Name of the Vulnerable Software and Affected Versions WP-Forum plugin versions prior to 2.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through various parameters, including search max in a search action, forum to an unspecified component, topic in a viewforum action, and id in editpost or viewtopic actions. These parameters are related to files such as wpf.class.php and wpf-post.php, and functions like remove topic.

Recommendations For WP-Forum plugin versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the search max, forum, topic, and id parameters in the affected API endpoints until a patch is available. Avoid using these parameters in the default URI for search, viewforum, editpost, and viewtopic actions until the issue is resolved.