CVE-2011-1047 in Forum Server

Summary

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.

Reservation

02/21/2011

Disclosure

02/21/2011

Entries

1: VDB-56565

CPE

ready

Exploit

Download

CVSS

7.3

EPSS

0.02346

Activities

Very Low
