2 matches found
WordPress WP Symposium Plugin 'tray' SQL Injection Vulnerability
WordPress WP Symposium plugins are web plugins that add social features. WP Symposium fails to properly filter the value of the 'tray' POST parameter in wp-symposium/ajax/mailfunctions.php when action is set to getMailMessage and mid is set to a valid message ID, allowing attackers to inject...
Sql injection
SQL injection vulnerability in ajax/mailfunctions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action...