PT-2013-1984 · Wikidforum · Wikidforum
Henri Salo · Published 2013-01-24 · Updated 2017-08-29
CVE-2012-6520
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Wikidforum version 2.10
Description
The issue concerns SQL injection vulnerabilities in the advanced search functionality. Remote attackers can execute arbitrary SQL commands by manipulating the select_sort or opt_search_select parameters.
Recommendations
For Wikidforum version 2.10, as a temporary workaround, consider restricting access to the advanced search functionality until a patch is available. Avoid using the select_sort and opt_search_select parameters in the affected search endpoint until the issue is resolved.
Exploit
Fix
RCE
SQL injection
Affected Products
Wikidforum