CVE-2015-6522 – WP Symposium <= 15.8 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-6522
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. Vulnerabilidad de inyección SQL en el plugin WP Symposium en versiones anteriores a 15.8 para WordPress, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro size a get_album_item.php. • https://www.exploit-db.com/exploits/37824 https://wpvulndb.com/vulnerabilities/8140 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-3325 – WP Symposium < 15.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-3325
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. Vulnerabilidad de inyección SQL en forum.php en el plugin WP Symposium anterior a 15.4 para WordPress permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro show en QUERY_STRING en la URI por defecto. WordPress WP Symposium plugin version 15.1 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/37080 http://packetstormsecurity.com/files/131801/WordPress-WP-Symposium-15.1-SQL-Injection.html http://www.securityfocus.com/bid/74237 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-8810 – WP Symposium < 14.11 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2014-8810
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action. Vulnerabilidad de inyección SQL en ajax/mail_functions.php del plugin WP Symposium anterior 14.11 de WordPress permite a usuarios remotos autenticados ejecutar comandos arbitrarios de SQL a través del parámetro en la acción getMailMessage • https://www.exploit-db.com/exploits/35505 http://secunia.com/advisories/62643 http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html http://www.exploit-db.com/exploits/35505 http://www.wpsymposium.com/2014/11/release-information-for-v14-11 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2014-8809 – WP Symposium <= 14.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php. Vulnerabilidades múltiples XSS en el plugin WP Symposium anterior a 14.11 de WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) parámetro texto en la acción addComment a ajax/profile_functions.php, (2) parámetro compose_text en la acción sendMail a ajax/mail_functions.php, (3) parámetro comentario en la acción add_comment a ajax/lounge_functions.php, o (4) parámetro nombre en la acción create_album a ajax/gallery_functions.php. • http://security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html http://www.wpsymposium.com/release-information-for-v14-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2694 – WP Symposium <= 13.04 - Open Redirection
https://notcve.org/view.php?id=CVE-2013-2694
Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter. Vulnerabilidad de redirección abierta en invite.php en el plugin WP Symposium 13.04 para WordPress permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques phishing a través de una URL en el parámetro u. • http://osvdb.org/92274 http://secunia.com/advisories/52925 http://www.securityfocus.com/bid/59045 • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •