7.5
CVE-2013-0735
- EPSS 2.18%
- Veröffentlicht 02.04.2014 18:55:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginMingle Forum <= 1.0.33.3 - SQL Injection
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
Mögliche Gegenmaßnahme
Mingle Forum: Update to version 1.0.34, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cartpauj ≫ Mingle-forum Version <= 1.0.33
Cartpauj ≫ Mingle-forum Version1.0.00
Cartpauj ≫ Mingle-forum Version1.0.01
Cartpauj ≫ Mingle-forum Version1.0.02
Cartpauj ≫ Mingle-forum Version1.0.03
Cartpauj ≫ Mingle-forum Version1.0.04
Cartpauj ≫ Mingle-forum Version1.0.05
Cartpauj ≫ Mingle-forum Version1.0.06
Cartpauj ≫ Mingle-forum Version1.0.07
Cartpauj ≫ Mingle-forum Version1.0.08
Cartpauj ≫ Mingle-forum Version1.0.09
Cartpauj ≫ Mingle-forum Version1.0.10
Cartpauj ≫ Mingle-forum Version1.0.11
Cartpauj ≫ Mingle-forum Version1.0.12
Cartpauj ≫ Mingle-forum Version1.0.13
Cartpauj ≫ Mingle-forum Version1.0.14
Cartpauj ≫ Mingle-forum Version1.0.15
Cartpauj ≫ Mingle-forum Version1.0.16
Cartpauj ≫ Mingle-forum Version1.0.17
Cartpauj ≫ Mingle-forum Version1.0.18
Cartpauj ≫ Mingle-forum Version1.0.19
Cartpauj ≫ Mingle-forum Version1.0.20
Cartpauj ≫ Mingle-forum Version1.0.21
Cartpauj ≫ Mingle-forum Version1.0.21.1
Cartpauj ≫ Mingle-forum Version1.0.22
Cartpauj ≫ Mingle-forum Version1.0.23
Cartpauj ≫ Mingle-forum Version1.0.23.1
Cartpauj ≫ Mingle-forum Version1.0.23.2
Cartpauj ≫ Mingle-forum Version1.0.24
Cartpauj ≫ Mingle-forum Version1.0.25
Cartpauj ≫ Mingle-forum Version1.0.26
Cartpauj ≫ Mingle-forum Version1.0.27
Cartpauj ≫ Mingle-forum Version1.0.28
Cartpauj ≫ Mingle-forum Version1.0.28.1
Cartpauj ≫ Mingle-forum Version1.0.28.2
Cartpauj ≫ Mingle-forum Version1.0.29
Cartpauj ≫ Mingle-forum Version1.0.30
Cartpauj ≫ Mingle-forum Version1.0.31
Cartpauj ≫ Mingle-forum Version1.0.31.1
Cartpauj ≫ Mingle-forum Version1.0.31.2
Cartpauj ≫ Mingle-forum Version1.0.31.3
Cartpauj ≫ Mingle-forum Version1.0.31.4
Cartpauj ≫ Mingle-forum Version1.0.32
Cartpauj ≫ Mingle-forum Version1.0.32.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Mingle Forum
Version
*-1.0.33.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.8 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
http://secunia.com/advisories/52167
http://www.securityfocus.com/bid/58059
http://osvdb.org/90434
http://secunia.com/secunia_research/2013-4
https://exchange.xforce.ibmcloud.com/vulnerabilities/82188
https://www.wordfence.com/threat-intel/vulnerabilities/id/282a26e8-4848-4e40-bfe5-fe2ba40f198e