PT-2017-12925 · Unknown · Formcraft Basic

Published

2017-08-23

Updated

2021-09-10

CVE-2017-13137

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FormCraft Basic plugin version 1.0.5

Description The issue concerns SQL injection in the id parameter to the "form.php" endpoint.

Recommendations For FormCraft Basic plugin version 1.0.5, avoid using the id parameter in the form.php endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2017-13137

Formcraft Basic