CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
45.4%
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
Vendor | Product | Version | CPE |
---|---|---|---|
cartpauj | mingle-forum | * | cpe:2.3:a:cartpauj:mingle-forum:*:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.00 | cpe:2.3:a:cartpauj:mingle-forum:1.0.00:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.01 | cpe:2.3:a:cartpauj:mingle-forum:1.0.01:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.02 | cpe:2.3:a:cartpauj:mingle-forum:1.0.02:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.03 | cpe:2.3:a:cartpauj:mingle-forum:1.0.03:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.04 | cpe:2.3:a:cartpauj:mingle-forum:1.0.04:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.05 | cpe:2.3:a:cartpauj:mingle-forum:1.0.05:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.06 | cpe:2.3:a:cartpauj:mingle-forum:1.0.06:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.07 | cpe:2.3:a:cartpauj:mingle-forum:1.0.07:*:*:*:*:*:*:* |
cartpauj | mingle-forum | 1.0.08 | cpe:2.3:a:cartpauj:mingle-forum:1.0.08:*:*:*:*:*:*:* |