4 matches found
CVE-2011-3841
The CVE-2011-3841 entry concerns the WordPress WP Symposium plugin vulnerability: a Cross-Site Scripting (XSS) flaw in the file uploadify/get_profile_avatar.php that allows arbitrary script/HTML injection via the uid parameter. Affected versions are before 11.12.08. Root cause: input handling in ...
WordPress Symposium Plugin <= 11.12.07 - XSS
Because of this vulnerability in uploadify/get_profile_avatar.php, attackers can inject arbitrary web script or HTML via the "uid" parameter. Solution: Update the plugin...
WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: WordPress WP Symposium plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $uid = $_REQUEST['uid']; $sql = "SELECT profileavatar FROM ".$wpdb->base_prefix."symposiumusermeta WHERE...
WordPress Plugin Symposium 0.64 - SQL Injection
WordPress Plugin Symposium 0.64 - SQL Injection. Exploit Title: WordPress WP Symposium plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- $uid = $_REQUEST['uid']; $sql = "SELECT profileavatar FROM ".$wpdb->base_prefix."symposiumusermeta WHERE uid =...