Vulners
Lucene search
mingle forum (wordpress plugin) <= 1.0.26 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
1. Advisory Information
Title: Multiple Vulnerabilities in Mingle Forum (WordPress Plugin)
Advisory URL: http://www.charleshooper.net/advisories/
Date Published: January 8th, 2011
Vendors Contacted: Paul Carter - Maintainer of plugin.
2. Summary
Mingle Forum is a plugin for the popular blog tool and publishing
platform, WordPress. According to the author of Mingle Forum, "Mingle
Forum has been modified to be lightweight, solid, secure, quick to
setup, [and] easy to use."
There exist multiple vulnerabilities in Mingle Forum, SQL injection
being among them.
3. Vulnerability Information
Packages/Versions Affected: Confirmed on 1.0.24 and 1.0.26
3a. Type: SQL Injection [CWE-89]
3a. Impact: Read application data.
3a. Discussion: There is a SQL injection vulnerability present in the
RSS feed generator. By crafting specific URLs an attacker can retrieve
information from the MySQL database.
3b. Type: SQL Injection [CWE-89]
3b. Impact: Read application data.
3b. Discussion: There is a SQL injection vulnerability present in the
`edit post` functionality. By crafting specific URLs an attacker can
retrieve information from the MySQL database.
3c. Type: Auth Bypass via Direct Request [CWE-425]
3c. Impact: AuthZ is not performed for `edit post` functionality.
3c. Discussion: By browsing directly to the `edit post` page a user can
view and edit any page.
4. PoC & Technical Description
4a.
http://path.to/wordpress/wp-content/plugins/mingle-forum/feed.php?topic=0%20UNION%20SELECT%201,user_email,3,4,5,user_login,7%20FROM%20wp_users%20%23
4b.
http://path.to/forums/?mingleforumaction=editpost&t=1.0&id=0%20UNION%20SELECT%201,2,3,4,5,6,7%20%23
4c. http://path.to/forums/?mingleforumaction=editpost&t=1.0&id=<target
post ID>
5. Report Timeline
12/17/2010 Initial email sent to plugin maintainer.
12/22/2010 Confirmation of first email requested.
12/31/2010 Correct email address obtained. Maintainer contacted again on
this date.
01/01/2010 Received response from plugin maintainer.
01/07/2010 Plugin maintainer releases update that addresses these
vulnerabilities.
6. References
6a. The WordPress Plugin page for Mingle Forum:
http://wordpress.org/extend/plugins/mingle-forum/
7. Legalese
This vulnerability report by Charles Hooper < chooper () plumata com > is
licensed under a Creative Commons Attribution-NonCommercial-ShareAlike
3.0 Unported License.
8. Signature
Public Key: Obtainable via pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBTSiA5BjF72tr3DinAQJxawf8CtPQBDcHJFaS2qzPixcqVojNz7Bo2toK
h96ye1Fkrt+FsyyuRXCBUTCTImtkj8pkmLqDErxzWFWZinzBTESjOtDZ7W5ztr1M
lkFcaa8Rax13iuLPsU/GKKtSn4A8Df2AxJ2wnCd4cyfu4pZNsx4M/RG/XYcYZGj9
GmJiOFau0BKbLoHwCW5o4spg6Ljnpw30ablznbfuaqz/ec9MCPdtDQPAh6/WpVk0
TyjHmr+kZsv5CpC0TBPKSQzKD2ZcRCdNIB0f/dQ04cl5bxXK2ORChePll2F6hpQZ
yMsPj3bOfMlu2Vukq4xorxsXpWSAGcOrTe2kdSM5/cvgcd2r8VNTQQ==
=jLFM
-----END PGP SIGNATURE-----
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1