Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-2109
Last Modified: 05 Sep 2012 12:00:00
Published: 04 Sep 2012 04:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2109

Summary

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 for WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.

Vulnerable Systems

Application

  • BuddyPress Plugin 1.5
  • BuddyPress Plugin 1.5.1
  • BuddyPress Plugin 1.5.2
  • BuddyPress Plugin 1.5.3
  • BuddyPress Plugin 1.5.3.1
  • BuddyPress Plugin 1.5.4

References

MLIST - [oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4

MLIST - [oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4

EXPLOIT-DB - 18690

BUGTRAQ - 20120331 SQL injection in Wordpress plugin Buddypress

OSVDB - 80763

CONFIRM - http://buddypress.org/2012/03/buddypress-1-5-5/


Last Updated: 27 May 2016 11:00:27