Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2011-1047

Date: February 21, 2011

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.

Language: PHP

Severity Score

Related Resources (12)

http://osvdb.org/70993
http://www.securityfocus.com/archive/1/516402/100/0/threaded
https://nvd.nist.gov/vuln/detail/CVE-2011-1047
http://www.securityfocus.com/archive/1/516400/100/0/threaded
http://secunia.com/advisories/43306
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html
http://osvdb.org/70994
http://www.securityfocus.com/bid/46362
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html
http://securityreason.com/securityalert/8099
http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html
https://www.mend.io/vulnerability-database/CVE-2011-1047

Severity Score

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us