3 results (0.001 seconds)

CVSS: 9.8EPSS: 96%CPEs: 1EXPL: 2

SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. Vulnerabilidad de inyección SQL en el plugin WP Symposium en versiones anteriores a 15.8 para WordPress, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro size a get_album_item.php. • https://www.exploit-db.com/exploits/37824 https://wpvulndb.com/vulnerabilities/8140 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. Vulnerabilidad de inyección SQL en forum.php en el plugin WP Symposium anterior a 15.4 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro show en QUERY_STRING en la URI por defecto. WordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/37080 http://packetstormsecurity.com/files/131801/WordPress-WP-Symposium-15.1-SQL-Injection.html http://www.securityfocus.com/bid/74237 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 9%CPEs: 16EXPL: 0

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot. Múltiples vulnerabilidades de subida de ficheros sin restricción en el complemento WP Symposium antes de v11.12.24 para WordPress, permite a atacantes remotos ejecutar código de su elección subiendo un fichero con una extensión ejecutable usando (1) uploadify/upload_admin_avatar.php o (2) uploadify/upload_profile_avatar.php, y accediendo posteriormente a él a través de una petición directa al fichero en un directorio no especificado dentro del webroot. • http://osvdb.org/78041 http://osvdb.org/78042 http://secunia.com/advisories/46097 http://secunia.com/secunia_research/2011-91 https://exchange.xforce.ibmcloud.com/vulnerabilities/72012 https://wpsymposium-trac.sourcerepo.com/wpsymposium_trac/ticket/265 • CWE-434: Unrestricted Upload of File with Dangerous Type •