Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fahlstad WP-Forum多个SQL注入漏洞
Vulnerability Description
WordPress是一种使用PHP语言开发的博客平台,用户可以在支持PHP和MySQL 数据库的服务器上架设自己的网志。WordPress的WP-Forum plugin 2.4以前的版本存在多个SQL注入漏洞,远程攻击者可以借助(1)与wpf.class.php相关的默认URI的搜一个索操作中的search_max参数; (2)与wpf.class.php相关的未明组件的forum参数; (3)与wpf.class.php中的remove_topic函数相关的默认URI的一个viewforum操作中的t
CVSS Information
N/A
Vulnerability Type
N/A