CVE-2013-0735
Severity: high
CVSS v3: —
CVSS v2: 7.5
VIR risk: 7.5
Description
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/secunia_research/2013-4
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/advisories/52167
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cartpauj | mingle-forum | up to and including 1.0.33 | |
| cartpauj | mingle-forum | 1.0.00 | |
| cartpauj | mingle-forum | 1.0.01 | |
| cartpauj | mingle-forum | 1.0.02 | |
| cartpauj | mingle-forum | 1.0.03 | |
| cartpauj | mingle-forum | 1.0.04 | |
| cartpauj | mingle-forum | 1.0.05 | |
| cartpauj | mingle-forum | 1.0.06 | |
| cartpauj | mingle-forum | 1.0.07 | |
| cartpauj | mingle-forum | 1.0.08 | |
| cartpauj | mingle-forum | 1.0.09 | |
| cartpauj | mingle-forum | 1.0.10 | |
| cartpauj | mingle-forum | 1.0.11 | |
| cartpauj | mingle-forum | 1.0.12 | |
| cartpauj | mingle-forum | 1.0.13 | |
| cartpauj | mingle-forum | 1.0.14 | |
| cartpauj | mingle-forum | 1.0.15 | |
| cartpauj | mingle-forum | 1.0.16 | |
| cartpauj | mingle-forum | 1.0.17 | |
| cartpauj | mingle-forum | 1.0.18 | |
| cartpauj | mingle-forum | 1.0.19 | |
| cartpauj | mingle-forum | 1.0.20 | |
| cartpauj | mingle-forum | 1.0.21 | |
| cartpauj | mingle-forum | 1.0.21.1 | |
| cartpauj | mingle-forum | 1.0.22 | |
| cartpauj | mingle-forum | 1.0.23 | |
| cartpauj | mingle-forum | 1.0.23.1 | |
| cartpauj | mingle-forum | 1.0.23.2 | |
| cartpauj | mingle-forum | 1.0.24 | |
| cartpauj | mingle-forum | 1.0.25 | |
| cartpauj | mingle-forum | 1.0.26 | |
| cartpauj | mingle-forum | 1.0.27 | |
| cartpauj | mingle-forum | 1.0.28 | |
| cartpauj | mingle-forum | 1.0.28.1 | |
| cartpauj | mingle-forum | 1.0.28.2 | |
| cartpauj | mingle-forum | 1.0.29 | |
| cartpauj | mingle-forum | 1.0.30 | |
| cartpauj | mingle-forum | 1.0.31 | |
| cartpauj | mingle-forum | 1.0.31.1 | |
| cartpauj | mingle-forum | 1.0.31.2 | |
| cartpauj | mingle-forum | 1.0.31.3 | |
| cartpauj | mingle-forum | 1.0.31.4 | |
| cartpauj | mingle-forum | 1.0.32 | |
| cartpauj | mingle-forum | 1.0.32.1 | |
| wordpress | wordpress | - | |
References
- http://osvdb.org/90434
- http://secunia.com/advisories/52167
- http://secunia.com/secunia_research/2013-4
- http://www.securityfocus.com/bid/58059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82188
CWEs
CWE-89