WordPress.WP-Forum.Plugin.Multiple.SQL.Injections
Description
This indicates an attack attempt against multiple SQL injection vulnerabilities in WordPress WP-Forum plugin.
The vulnerability is a result of the software's failure to properly sanitize some parameter values that are passed to the WP-Forum plugin. An attacker can include an arbitrary SQL statement by supplying an injection string through the URL.
Affected Products
WP-Forum WP-Forum 1.7.8
WP-Forum WP-Forum 1.7.4
WP-Forum WP-Forum 2.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the web site.
http://wordpress.org/extend/plugins/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |