Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-7187SQL Injection in Formcraft

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.1%
top 15.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Ncrafts Formcraft
Timeline
PublishedDec 20
Latest updateMay 17

Description

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDncrafts/formcraft1.3.7+10

🔴Vulnerability Details

2
GHSA
GHSA-pwxv-qqr3-c69v: SQL injection vulnerability in form2022-05-17
CVEList
CVE-2013-7187: SQL injection vulnerability in form2013-12-20

💥Exploits & PoCs

1
Exploit-DB
WordPress Plugin Formcraft - SQL Injection2013-12-02
CVE-2013-7187 — SQL Injection in Ncrafts Formcraft | cvebase