CVE-2011-1047
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/16235 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/70993
http://osvdb.org/70994
http://secunia.com/advisories/43306
http://securityreason.com/securityalert/8099
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html
http://www.securityfocus.com/archive/1/516400/100/0/threaded
http://www.securityfocus.com/archive/1/516402/100/0/threaded
http://www.securityfocus.com/bid/46362