Vulnerabilities related to cartpauj - mingle-forum
CVE-2013-0734 (GCVE-0-2013-0734)
Vulnerability from cvelistv5
Published
2014-03-28 15:00
Modified
2024-08-06 14:33
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
References
| URL | Tags |
|---|---|
| http://secunia.com/secunia_research/2013-3 | x_refsource_MISC |
| http://secunia.com/advisories/52167 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/90433 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82187 | vdb-entry, x_refsource_XF |
| http://osvdb.org/90432 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/58059 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2013-3" }, { "name": "52167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52167" }, { "name": "90433", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90433" }, { "name": "wp-mingleforum-index-admin-xss(82187)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" }, { "name": "90432", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90432" }, { "name": "58059", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2013-3" }, { "name": "52167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52167" }, { "name": "90433", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90433" }, { "name": "wp-mingleforum-index-admin-xss(82187)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" }, { "name": "90432", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90432" }, { "name": "58059", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-0734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://secunia.com/secunia_research/2013-3", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-3" }, { "name": "52167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52167" }, { "name": "90433", "refsource": "OSVDB", "url": "http://osvdb.org/90433" }, { "name": "wp-mingleforum-index-admin-xss(82187)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" }, { "name": "90432", "refsource": "OSVDB", "url": "http://osvdb.org/90432" }, { "name": "58059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58059" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-0734", "datePublished": "2014-03-28T15:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:33:05.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5327 (GCVE-0-2012-5327)
Vulnerability from cvelistv5
Published
2012-10-08 20:00
Modified
2024-08-06 21:05
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
References
| URL | Tags |
|---|---|
| http://wordpress.org/extend/plugins/mingle-forum/changelog/ | x_refsource_CONFIRM |
| http://plugins.trac.wordpress.org/changeset?reponame=&new=492859%40mingle-forum&old=487353%40mingle-forum | x_refsource_CONFIRM |
| http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72641 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:46.687Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt" }, { "name": "mingleforum-admin-sql-injection(72641)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72641" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt" }, { "name": "mingleforum-admin-sql-injection(72641)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72641" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5327", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://wordpress.org/extend/plugins/mingle-forum/changelog/", "refsource": "CONFIRM", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "name": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859@mingle-forum\u0026old=487353@mingle-forum", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859@mingle-forum\u0026old=487353@mingle-forum" }, { "name": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt" }, { "name": "mingleforum-admin-sql-injection(72641)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72641" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5327", "datePublished": "2012-10-08T20:00:00", "dateReserved": "2012-10-08T00:00:00", "dateUpdated": "2024-08-06T21:05:46.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0735 (GCVE-0-2013-0735)
Vulnerability from cvelistv5
Published
2014-04-02 18:00
Modified
2024-08-06 14:33
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52167 | third-party-advisory, x_refsource_SECUNIA |
| http://osvdb.org/90434 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/secunia_research/2013-4 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82188 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/58059 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "52167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52167" }, { "name": "90434", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90434" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2013-4" }, { "name": "wp-mingleforum-index-sql-injection(82188)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82188" }, { "name": "58059", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58059" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "52167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52167" }, { "name": "90434", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90434" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2013-4" }, { "name": "wp-mingleforum-index-sql-injection(82188)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82188" }, { "name": "58059", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58059" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-0735", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "52167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52167" }, { "name": "90434", "refsource": "OSVDB", "url": "http://osvdb.org/90434" }, { "name": "http://secunia.com/secunia_research/2013-4", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-4" }, { "name": "wp-mingleforum-index-sql-injection(82188)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82188" }, { "name": "58059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58059" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-0735", "datePublished": "2014-04-02T18:00:00", "dateReserved": "2013-01-02T00:00:00", "dateUpdated": "2024-08-06T14:33:05.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-0736 (GCVE-0-2013-0736)
Vulnerability from cvelistv5
Published
2013-10-09 22:00
Modified
2024-09-16 20:16
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/62133 | vdb-entry, x_refsource_BID |
| http://osvdb.org/96905 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/secunia_research/2013-6 | x_refsource_MISC |
| http://secunia.com/advisories/47687 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:33:05.800Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62133", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/62133" }, { "name": "96905", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/96905" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2013-6" }, { "name": "47687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47687" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-09T22:00:00Z", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "62133", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/62133" }, { "name": "96905", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/96905" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2013-6" }, { "name": "47687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47687" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-0736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62133", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62133" }, { "name": "96905", "refsource": "OSVDB", "url": "http://osvdb.org/96905" }, { "name": "http://secunia.com/secunia_research/2013-6", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2013-6" }, { "name": "47687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47687" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-0736", "datePublished": "2013-10-09T22:00:00Z", "dateReserved": "2013-01-02T00:00:00Z", "dateUpdated": "2024-09-16T20:16:36.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5328 (GCVE-0-2012-5328)
Vulnerability from cvelistv5
Published
2012-10-08 20:00
Modified
2024-09-16 17:54
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
References
| URL | Tags |
|---|---|
| http://wordpress.org/extend/plugins/mingle-forum/changelog/ | x_refsource_CONFIRM |
| http://plugins.trac.wordpress.org/changeset?reponame=&new=492859%40mingle-forum&old=487353%40mingle-forum | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:46.952Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-08T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5328", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://wordpress.org/extend/plugins/mingle-forum/changelog/", "refsource": "CONFIRM", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "name": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859@mingle-forum\u0026old=487353@mingle-forum", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859@mingle-forum\u0026old=487353@mingle-forum" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5328", "datePublished": "2012-10-08T20:00:00Z", "dateReserved": "2012-10-08T00:00:00Z", "dateUpdated": "2024-09-16T17:54:27.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5328 — Vulnerability from fkie_nvd
Published
2012-10-08 20:55
Modified
2025-04-11 00:51
Summary
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "86442062-55D6-44A0-8ADC-415116F0519D", "versionEndIncluding": "1.0.32.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "0575F80A-8CF3-4E21-8A00-8CF98B0A2ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "840FCA04-3334-4D4A-9F89-42DAEB6D6163", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBBB4B-1ED6-4F90-8FF6-2B4137FF7729", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7EBEF-CEED-4947-B751-B675733ABD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "AF012118-3D0B-44DA-93D2-8D3C3C39CF11", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "B708A6F8-F41A-4DC9-B943-720A57C614F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "C0978EC7-8F0E-47C1-88F9-3D695F4B9B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:*", "matchCriteriaId": "9F23F22C-FAC4-4933-AC93-B526B6E2CA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "292551C2-6279-47F4-A878-3E83E71FFD1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "95F56C25-68B4-46E9-8D91-9832759C6026", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7BF3FA6A-5C03-4817-87FC-12603DF05332", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"EB033E81-9346-4160-B83B-E67D264DBEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "99C8F213-BED5-438A-BDB4-3DA5F4B4D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24EC039D-E4BD-4F85-82E2-E74F50C1E4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFF7E37B-61C4-4354-9A7C-92C47F25A608", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D75DACF-1E07-4940-B4CD-D80845FE351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "2ED47732-4DBD-4374-8C47-859455D4CEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC4448FE-8B97-44A8-ADC4-9041751084AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C95A3680-677E-4862-801D-AFA4391D8828", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "CA87C76B-898B-4978-BD3E-4FB04C18CBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "6CFF9F60-0181-4ABA-B6F3-45E7460E4E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A5306D96-3FCA-467D-AE66-37BEFB44ACFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34BD47A-A20F-498E-856A-12BADA8A666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E548339-70C7-4346-B23A-7D2C3ABC7486", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"936CA7DC-AB5C-4E6F-B50D-71E0408F06B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "59D2E42A-FDD0-4A30-A62D-E17AC027C768", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "3071F8CA-748D-44A7-AAE9-FC5F2E50ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "CF92294F-9ABE-4038-B3DA-C16C0515666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "500BE334-4811-440D-BF65-0D1DC3328FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5C16C002-2F14-4926-9CF2-50745EA0F62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5AF093A7-6343-4EBE-9A06-AE670F4D9119", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7E93A0CE-2B4B-498F-95E4-C33D1850C876", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "181E1DF5-CB65-4219-96AF-82C270B7EAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A033047B-8178-4BCC-AAC1-944EC0FE0143", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "626382E0-7A71-4191-A92C-058E36850D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "6381407B-C185-4A08-94A4-7325B693DFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "1818BA74-491B-4C7C-AAFF-9CB7E7CBCEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F731579-C039-4631-A159-3F03C15CE9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "4393F949-DB12-4AC2-9DF5-FCBDCE366261", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE317122-A3D1-4FD2-9712-8458A009F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A469D5-9AC7-4D47-8FCC-905D45CE096F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "3F976A13-60CA-47C1-8A56-40FC20F120B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el complemento Mingle Forum v1.0.32.1 y otras versiones antes de v1.0.33 para WordPress podr\u00eda permitir a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de los par\u00e1metros (1) memberid o (2) groupid en una acci\u00f3n removemember o el par\u00e1metro (3) id a fs-admin/fs-admin.php, o el par\u00e1metro (4) edit_forum_id parameter en una acci\u00f3n edit_save_forum a fs-admin/wpf-edit-forum-group.php." 
} ], "id": "CVE-2012-5328", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-08T20:55:01.823", "references": [ { "source": "cve@mitre.org", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "source": "cve@mitre.org", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-0735 — Vulnerability from fkie_nvd
Published
2014-04-02 18:55
Modified
2025-04-12 10:46
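Severity: HIGH — CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P); the record below carries CVSS v2 metrics only.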
Summary
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5245734-341E-488D-9666-71F5B110B7A3", "versionEndIncluding": "1.0.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "0575F80A-8CF3-4E21-8A00-8CF98B0A2ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "840FCA04-3334-4D4A-9F89-42DAEB6D6163", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBBB4B-1ED6-4F90-8FF6-2B4137FF7729", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7EBEF-CEED-4947-B751-B675733ABD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "AF012118-3D0B-44DA-93D2-8D3C3C39CF11", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "B708A6F8-F41A-4DC9-B943-720A57C614F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "C0978EC7-8F0E-47C1-88F9-3D695F4B9B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:*", "matchCriteriaId": "9F23F22C-FAC4-4933-AC93-B526B6E2CA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "292551C2-6279-47F4-A878-3E83E71FFD1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "95F56C25-68B4-46E9-8D91-9832759C6026", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7BF3FA6A-5C03-4817-87FC-12603DF05332", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"EB033E81-9346-4160-B83B-E67D264DBEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "99C8F213-BED5-438A-BDB4-3DA5F4B4D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24EC039D-E4BD-4F85-82E2-E74F50C1E4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFF7E37B-61C4-4354-9A7C-92C47F25A608", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D75DACF-1E07-4940-B4CD-D80845FE351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "2ED47732-4DBD-4374-8C47-859455D4CEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC4448FE-8B97-44A8-ADC4-9041751084AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C95A3680-677E-4862-801D-AFA4391D8828", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "CA87C76B-898B-4978-BD3E-4FB04C18CBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "6CFF9F60-0181-4ABA-B6F3-45E7460E4E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A5306D96-3FCA-467D-AE66-37BEFB44ACFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34BD47A-A20F-498E-856A-12BADA8A666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E548339-70C7-4346-B23A-7D2C3ABC7486", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"936CA7DC-AB5C-4E6F-B50D-71E0408F06B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "59D2E42A-FDD0-4A30-A62D-E17AC027C768", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "3071F8CA-748D-44A7-AAE9-FC5F2E50ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "CF92294F-9ABE-4038-B3DA-C16C0515666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "500BE334-4811-440D-BF65-0D1DC3328FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5C16C002-2F14-4926-9CF2-50745EA0F62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5AF093A7-6343-4EBE-9A06-AE670F4D9119", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7E93A0CE-2B4B-498F-95E4-C33D1850C876", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "181E1DF5-CB65-4219-96AF-82C270B7EAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A033047B-8178-4BCC-AAC1-944EC0FE0143", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "626382E0-7A71-4191-A92C-058E36850D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "6381407B-C185-4A08-94A4-7325B693DFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "1818BA74-491B-4C7C-AAFF-9CB7E7CBCEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F731579-C039-4631-A159-3F03C15CE9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "4393F949-DB12-4AC2-9DF5-FCBDCE366261", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE317122-A3D1-4FD2-9712-8458A009F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A469D5-9AC7-4D47-8FCC-905D45CE096F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "3F976A13-60CA-47C1-8A56-40FC20F120B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A89A57B-8CB6-4778-A410-84ADFC59B8E3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en wpf.class.php en el plugin Mingle Forum anterior a 1.0.34 para WordPress permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id en un viewtopic (1) remove_post, (2) sticky o (3) closed action o un par\u00e1metro (4) thread en una acci\u00f3n postreply hacia index.php." 
} ], "id": "CVE-2013-0735", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-02T18:55:21.657", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/90434" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52167" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-4" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/58059" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90434" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82188" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-0736 — Vulnerability from fkie_nvd
Published
2013-10-09 22:55
Modified
2025-04-11 00:51
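Severity: MEDIUM — CVSS v2.0 base score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P), user interaction required; the record below carries CVSS v2 metrics only.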
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "75391F81-6F01-4B3D-BD2E-9C4F05C77C8D", "versionEndIncluding": "1.0.34", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "0575F80A-8CF3-4E21-8A00-8CF98B0A2ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "840FCA04-3334-4D4A-9F89-42DAEB6D6163", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBBB4B-1ED6-4F90-8FF6-2B4137FF7729", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7EBEF-CEED-4947-B751-B675733ABD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "AF012118-3D0B-44DA-93D2-8D3C3C39CF11", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "B708A6F8-F41A-4DC9-B943-720A57C614F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "C0978EC7-8F0E-47C1-88F9-3D695F4B9B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:*", "matchCriteriaId": "9F23F22C-FAC4-4933-AC93-B526B6E2CA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "292551C2-6279-47F4-A878-3E83E71FFD1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "95F56C25-68B4-46E9-8D91-9832759C6026", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7BF3FA6A-5C03-4817-87FC-12603DF05332", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"EB033E81-9346-4160-B83B-E67D264DBEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "99C8F213-BED5-438A-BDB4-3DA5F4B4D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24EC039D-E4BD-4F85-82E2-E74F50C1E4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFF7E37B-61C4-4354-9A7C-92C47F25A608", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D75DACF-1E07-4940-B4CD-D80845FE351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "2ED47732-4DBD-4374-8C47-859455D4CEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC4448FE-8B97-44A8-ADC4-9041751084AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C95A3680-677E-4862-801D-AFA4391D8828", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "CA87C76B-898B-4978-BD3E-4FB04C18CBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "6CFF9F60-0181-4ABA-B6F3-45E7460E4E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A5306D96-3FCA-467D-AE66-37BEFB44ACFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34BD47A-A20F-498E-856A-12BADA8A666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E548339-70C7-4346-B23A-7D2C3ABC7486", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"936CA7DC-AB5C-4E6F-B50D-71E0408F06B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "59D2E42A-FDD0-4A30-A62D-E17AC027C768", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "3071F8CA-748D-44A7-AAE9-FC5F2E50ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "CF92294F-9ABE-4038-B3DA-C16C0515666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "500BE334-4811-440D-BF65-0D1DC3328FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5C16C002-2F14-4926-9CF2-50745EA0F62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5AF093A7-6343-4EBE-9A06-AE670F4D9119", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7E93A0CE-2B4B-498F-95E4-C33D1850C876", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "181E1DF5-CB65-4219-96AF-82C270B7EAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A033047B-8178-4BCC-AAC1-944EC0FE0143", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "626382E0-7A71-4191-A92C-058E36850D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "6381407B-C185-4A08-94A4-7325B693DFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "1818BA74-491B-4C7C-AAFF-9CB7E7CBCEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F731579-C039-4631-A159-3F03C15CE9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "4393F949-DB12-4AC2-9DF5-FCBDCE366261", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE317122-A3D1-4FD2-9712-8458A009F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A469D5-9AC7-4D47-8FCC-905D45CE096F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "3F976A13-60CA-47C1-8A56-40FC20F120B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A89A57B-8CB6-4778-A410-84ADFC59B8E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "FF0A6618-9067-441F-A57D-B4B5C1D02BE5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) modify user privileges or (2) conduct cross-site scripting (XSS) attacks via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades CSRF en el plugin Mingle Forum 1.0.34 y posiblemente versiones anteriores para WordPress permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores con peticiones que (1) modifiquen los privilegios del usuario o (2) llevan a cabo ataques XSS a trav\u00e9s de vectores sin especificar." 
} ], "id": "CVE-2013-0736", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-10-09T22:55:02.617", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/96905" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47687" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-6" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/62133" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/96905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62133" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-0734 — Vulnerability from fkie_nvd
Published
2014-03-28 15:55
Modified
2025-04-12 10:46
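Severity: MEDIUM — CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), user interaction required; the record below carries CVSS v2 metrics only.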
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5245734-341E-488D-9666-71F5B110B7A3", "versionEndIncluding": "1.0.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "0575F80A-8CF3-4E21-8A00-8CF98B0A2ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "840FCA04-3334-4D4A-9F89-42DAEB6D6163", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBBB4B-1ED6-4F90-8FF6-2B4137FF7729", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7EBEF-CEED-4947-B751-B675733ABD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "AF012118-3D0B-44DA-93D2-8D3C3C39CF11", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "B708A6F8-F41A-4DC9-B943-720A57C614F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "C0978EC7-8F0E-47C1-88F9-3D695F4B9B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:*", "matchCriteriaId": "9F23F22C-FAC4-4933-AC93-B526B6E2CA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "292551C2-6279-47F4-A878-3E83E71FFD1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "95F56C25-68B4-46E9-8D91-9832759C6026", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7BF3FA6A-5C03-4817-87FC-12603DF05332", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"EB033E81-9346-4160-B83B-E67D264DBEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "99C8F213-BED5-438A-BDB4-3DA5F4B4D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24EC039D-E4BD-4F85-82E2-E74F50C1E4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFF7E37B-61C4-4354-9A7C-92C47F25A608", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D75DACF-1E07-4940-B4CD-D80845FE351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "2ED47732-4DBD-4374-8C47-859455D4CEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC4448FE-8B97-44A8-ADC4-9041751084AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C95A3680-677E-4862-801D-AFA4391D8828", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "CA87C76B-898B-4978-BD3E-4FB04C18CBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "6CFF9F60-0181-4ABA-B6F3-45E7460E4E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A5306D96-3FCA-467D-AE66-37BEFB44ACFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34BD47A-A20F-498E-856A-12BADA8A666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E548339-70C7-4346-B23A-7D2C3ABC7486", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"936CA7DC-AB5C-4E6F-B50D-71E0408F06B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "59D2E42A-FDD0-4A30-A62D-E17AC027C768", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "3071F8CA-748D-44A7-AAE9-FC5F2E50ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "CF92294F-9ABE-4038-B3DA-C16C0515666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "500BE334-4811-440D-BF65-0D1DC3328FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5C16C002-2F14-4926-9CF2-50745EA0F62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5AF093A7-6343-4EBE-9A06-AE670F4D9119", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7E93A0CE-2B4B-498F-95E4-C33D1850C876", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "181E1DF5-CB65-4219-96AF-82C270B7EAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A033047B-8178-4BCC-AAC1-944EC0FE0143", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "626382E0-7A71-4191-A92C-058E36850D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "6381407B-C185-4A08-94A4-7325B693DFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "1818BA74-491B-4C7C-AAFF-9CB7E7CBCEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F731579-C039-4631-A159-3F03C15CE9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "4393F949-DB12-4AC2-9DF5-FCBDCE366261", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE317122-A3D1-4FD2-9712-8458A009F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A469D5-9AC7-4D47-8FCC-905D45CE096F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "3F976A13-60CA-47C1-8A56-40FC20F120B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32.1:*:*:*:*:*:*:*", "matchCriteriaId": "9A89A57B-8CB6-4778-A410-84ADFC59B8E3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el plugin Mingle Forum anterior a 1.0.34 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del (1) par\u00e1metro search_words en una acci\u00f3n de b\u00fasqueda hacia wpf.class.php o (2) par\u00e1metro togroupusers en una acci\u00f3n add_user_togroup hacia fs-admin/fs-admin.php." 
} ], "id": "CVE-2013-0734", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-28T15:55:08.327", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/90432" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/90433" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52167" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-3" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/58059" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90432" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2013-3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82187" } 
], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-08 20:55
Modified
2025-04-11 00:51
Severity: 6.5 (MEDIUM) — CVSS v2.0 AV:N/AC:L/Au:S/C:P/I:P/A:P (source: nvd@nist.gov)
Summary
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:*", "matchCriteriaId": "86442062-55D6-44A0-8ADC-415116F0519D", "versionEndIncluding": "1.0.32.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "0575F80A-8CF3-4E21-8A00-8CF98B0A2ECA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "840FCA04-3334-4D4A-9F89-42DAEB6D6163", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "5FDBBB4B-1ED6-4F90-8FF6-2B4137FF7729", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "6CB7EBEF-CEED-4947-B751-B675733ABD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:*", "matchCriteriaId": "AF012118-3D0B-44DA-93D2-8D3C3C39CF11", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "B708A6F8-F41A-4DC9-B943-720A57C614F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "C0978EC7-8F0E-47C1-88F9-3D695F4B9B87", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:*", "matchCriteriaId": "9F23F22C-FAC4-4933-AC93-B526B6E2CA03", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "292551C2-6279-47F4-A878-3E83E71FFD1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "95F56C25-68B4-46E9-8D91-9832759C6026", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "7BF3FA6A-5C03-4817-87FC-12603DF05332", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"EB033E81-9346-4160-B83B-E67D264DBEB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "99C8F213-BED5-438A-BDB4-3DA5F4B4D158", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "24EC039D-E4BD-4F85-82E2-E74F50C1E4C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "EFF7E37B-61C4-4354-9A7C-92C47F25A608", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D75DACF-1E07-4940-B4CD-D80845FE351C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "2ED47732-4DBD-4374-8C47-859455D4CEDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "FC4448FE-8B97-44A8-ADC4-9041751084AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C95A3680-677E-4862-801D-AFA4391D8828", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "CA87C76B-898B-4978-BD3E-4FB04C18CBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "6CFF9F60-0181-4ABA-B6F3-45E7460E4E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "A5306D96-3FCA-467D-AE66-37BEFB44ACFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "D34BD47A-A20F-498E-856A-12BADA8A666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "1E548339-70C7-4346-B23A-7D2C3ABC7486", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": 
"936CA7DC-AB5C-4E6F-B50D-71E0408F06B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "59D2E42A-FDD0-4A30-A62D-E17AC027C768", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "3071F8CA-748D-44A7-AAE9-FC5F2E50ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "CF92294F-9ABE-4038-B3DA-C16C0515666D", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "500BE334-4811-440D-BF65-0D1DC3328FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5C16C002-2F14-4926-9CF2-50745EA0F62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5AF093A7-6343-4EBE-9A06-AE670F4D9119", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "7E93A0CE-2B4B-498F-95E4-C33D1850C876", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "181E1DF5-CB65-4219-96AF-82C270B7EAA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A033047B-8178-4BCC-AAC1-944EC0FE0143", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "626382E0-7A71-4191-A92C-058E36850D66", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "6381407B-C185-4A08-94A4-7325B693DFA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "1818BA74-491B-4C7C-AAFF-9CB7E7CBCEAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F731579-C039-4631-A159-3F03C15CE9BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.2:*:*:*:*:*:*:*", "matchCriteriaId": "4393F949-DB12-4AC2-9DF5-FCBDCE366261", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE317122-A3D1-4FD2-9712-8458A009F9E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.31.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A469D5-9AC7-4D47-8FCC-905D45CE096F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cartpauj:mingle-forum:1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "3F976A13-60CA-47C1-8A56-40FC20F120B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el complemento Mingle Forum v1.0.32.1 y otras versiones antes de v1.0.33 para WordPress podr\u00eda permitir a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de el par\u00e1metro(1) delete_usrgrp[] en una acci\u00f3n delete_usergroups, el par\u00e1metro (2) usergroup en una acci\u00f3n add_user_togroup, o el par\u00e1metro (3) add_forum_group_id en una acci\u00f3n add_forum_submit." 
} ], "id": "CVE-2012-5327", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-08T20:55:01.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt" }, { "source": "cve@mitre.org", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "source": "cve@mitre.org", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/files/view/108915/wpmingleforum-sqlxss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://plugins.trac.wordpress.org/changeset?reponame=\u0026new=492859%40mingle-forum\u0026old=487353%40mingle-forum" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72641" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }