Summary
This host is installed with WordPress WP Forum Server plugin and is prone to SQL injection vulnerability.
Impact
Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information.
Impact Level: Application
Solution
Upgrade to WP Forum Server Wordpress plugin version 1.6.6 or later.
For updates refer to http://wordpress.org/extend/plugins/forum-server/
Insight
The flaws are caused by improper validation of user-supplied input via the 'topic' parameter to '/wp-content/plugins/forum-server/feed.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WP Forum Server Wordpress plugin 1.6.5
References
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- AudiStat multiple vulnerabilities
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Adobe ColdFusion Authentication Bypass Vulnerability