Home > Vulnerability Database > CVE-2011-1047

WhiteSource Vulnerability Database

CVE-2011-1047

Good to know:

Date: February 21, 2011

Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: http://osvdb.org/70993

Url: http://www.securityfocus.com/archive/1/516402/100/0/threaded

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1047

Url: http://www.securityfocus.com/archive/1/516400/100/0/threaded

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-1047

Severity Score

7.5

Weakness Type (CWE)

SQL Injection

CWE-89

Top Fix

Upgrade Version

No fix version available

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2011-1047

Good to know:

Date: February 21, 2011

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v2

Do you need more information?