[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-5327

Date: (C)2012-10-08   (M)2017-08-29
 
CVSS Score: 6.5Access Vector: NETWORK
Exploitability Subscore: 8.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: SINGLE_INSTANCE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.

Reference:
http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt
http://plugins.trac.wordpress.org/changeset?reponame=&new=492859@mingle-forum&old=487353@mingle-forum
http://wordpress.org/extend/plugins/mingle-forum/changelog/
mingleforum-admin-sql-injection(72641)

CPE    43
cpe:/a:cartpauj:mingle-forum:1.0.23.1
cpe:/a:cartpauj:mingle-forum:1.0.20
cpe:/a:cartpauj:mingle-forum:1.0.23.2
cpe:/a:cartpauj:mingle-forum:1.0.22
...
CWE    1
CWE-89

© 2013 SecPod Technologies