CVE-2013-0735 Information

Description

Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post (2) sticky or (3) closed action or (4) thread parameter in a postreply action to index.php.

Reference

http://osvdb.org/90434 http://secunia.com/advisories/52167 http://secunia.com/secunia_research/2013-4 http://www.securityfocus.com/bid/58059 https://exchange.xforce.ibmcloud.com/vulnerabilities/82188