CVE-2021-25045

CWE-89: SQL Injection (3 documents, 3 sources)
Severity: 7.2 HIGH
EPSS: 1.2% (top 21.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 24
Latest update: Jan 25

Description

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | unknown/asgaros_forum | 1.15.15 | 1.15.15
NVD | asgaros/asgaros_forum | < 1.15.15

Patches

🔴 Vulnerability Details (2)
GHSA
GHSA-g4j5-9jfg-qj9h: The Asgaros Forum WordPress plugin before 1 (2022-01-25)
CVEList
Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id (2022-01-24)
CVE-2021-25045 (HIGH CVSS 7.2) | The Asgaros Forum WordPress plugin | cvebase.io