vendor: Buddypress
by: Ivan Terkin
CVSS: 7.5 HIGH
Remote SQL Injection
CWE: 89
Product Name: Buddypress
Affected Version From: 1.5.4
Affected Version To: 1.5.5
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:buddypress
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Buddypress plugin of WordPress remote SQL Injection
A remote SQL injection vulnerability was discovered in the Buddypress plugin of WordPress. An attacker could exploit it by sending a specially crafted HTTP POST request to the wp-load.php file with malicious SQL code in the action parameter. This could allow the attacker to execute arbitrary SQL commands on the vulnerable system.
Mitigation:
Upgrade to Buddypress version 1.5.5 or later.