CVE-2011-1047 Information

Description

Multiple SQL injection vulnerabilities in the VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php; (2) the id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php; or (3) the topic parameter to feed.php.

Reference

http://osvdb.org/70993
http://osvdb.org/70994
http://secunia.com/advisories/43306
http://securityreason.com/securityalert/8099
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html
http://www.securityfocus.com/archive/1/516400/100/0/threaded
http://www.securityfocus.com/archive/1/516402/100/0/threaded
http://www.securityfocus.com/bid/46362