6.5
CVE-2012-5327
- EPSS 0.36%
- Veröffentlicht 08.10.2012 20:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMingle Forum <= 1.0.32.1 - SQL Injection
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
Mögliche Gegenmaßnahme
Mingle Forum: Update to version 1.0.33, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Mingle Forum
Version
*-1.0.32.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cartpauj ≫ Mingle-forum Version <= 1.0.32.1
Cartpauj ≫ Mingle-forum Version1.0.00
Cartpauj ≫ Mingle-forum Version1.0.01
Cartpauj ≫ Mingle-forum Version1.0.02
Cartpauj ≫ Mingle-forum Version1.0.03
Cartpauj ≫ Mingle-forum Version1.0.04
Cartpauj ≫ Mingle-forum Version1.0.05
Cartpauj ≫ Mingle-forum Version1.0.06
Cartpauj ≫ Mingle-forum Version1.0.07
Cartpauj ≫ Mingle-forum Version1.0.08
Cartpauj ≫ Mingle-forum Version1.0.09
Cartpauj ≫ Mingle-forum Version1.0.10
Cartpauj ≫ Mingle-forum Version1.0.11
Cartpauj ≫ Mingle-forum Version1.0.12
Cartpauj ≫ Mingle-forum Version1.0.13
Cartpauj ≫ Mingle-forum Version1.0.14
Cartpauj ≫ Mingle-forum Version1.0.15
Cartpauj ≫ Mingle-forum Version1.0.16
Cartpauj ≫ Mingle-forum Version1.0.17
Cartpauj ≫ Mingle-forum Version1.0.18
Cartpauj ≫ Mingle-forum Version1.0.19
Cartpauj ≫ Mingle-forum Version1.0.20
Cartpauj ≫ Mingle-forum Version1.0.21
Cartpauj ≫ Mingle-forum Version1.0.21.1
Cartpauj ≫ Mingle-forum Version1.0.22
Cartpauj ≫ Mingle-forum Version1.0.23
Cartpauj ≫ Mingle-forum Version1.0.23.1
Cartpauj ≫ Mingle-forum Version1.0.23.2
Cartpauj ≫ Mingle-forum Version1.0.24
Cartpauj ≫ Mingle-forum Version1.0.25
Cartpauj ≫ Mingle-forum Version1.0.26
Cartpauj ≫ Mingle-forum Version1.0.27
Cartpauj ≫ Mingle-forum Version1.0.28
Cartpauj ≫ Mingle-forum Version1.0.28.1
Cartpauj ≫ Mingle-forum Version1.0.28.2
Cartpauj ≫ Mingle-forum Version1.0.29
Cartpauj ≫ Mingle-forum Version1.0.30
Cartpauj ≫ Mingle-forum Version1.0.31
Cartpauj ≫ Mingle-forum Version1.0.31.1
Cartpauj ≫ Mingle-forum Version1.0.31.2
Cartpauj ≫ Mingle-forum Version1.0.31.3
Cartpauj ≫ Mingle-forum Version1.0.31.4
Cartpauj ≫ Mingle-forum Version1.0.32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.552 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.