3 matches found
CVE-2015-6522
CVE-2015-6522 is a SQL injection vulnerability in the WordPress WP Symposium plugin, affecting versions before 15.8. The flaw allows remote attackers to execute arbitrary SQL commands through the size parameter of get_album_item.php. Documented sources confirm the vulnerability and its exposure v...
CVE-2015-3325
CVE-2015-3325 affects the WordPress WP Symposium plugin, specifically the forum.php component. The vulnerability is a SQL injection via the show parameter in the QUERY_STRING, allowing an unauthenticated, remote attacker to manipulate or disclose data in the back-end database. The issue is tied t...
CVE-2011-5051
Summary: CVE-2011-5051 affects the WP Symposium WordPress plugin prior to 11.12.24. The vulnerability is an unrestricted file upload in two endpoints (uploadify/upload_admin_avatar.php and uploadify/upload_profile_avatar.php). An attacker could upload a file with an executable extension and then ...