CVE-2012-2109
Published Sep 4, 2012
Last updated 6 years ago
Overview
- Description
- SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9394196-1CA1-483C-AD08-A3E0394DDF10"
},
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D27C624-D322-422D-B13A-62F1E13ABD4F"
},
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FC4674DD-27E1-42C9-8344-D813463F8D15"
},
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26D57394-2AAA-4C74-AE60-E3FAE065BE0A"
},
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2B8A697-123A-46D8-80DC-B5261C51F5D0"
},
{
"criteria": "cpe:2.3:a:buddypress:buddypress:1.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B617F2D6-3BF1-4A12-9B49-61B06916FF7D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]