CVE-2013-7187

Published Dec 20, 2013

Last updated 7 years ago

Overview

Description: SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:*:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D2B3F0B-3517-4021-8DC1-9C38F41C9837",
            "versionEndIncluding": "1.3.7"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.1:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55FF428E-3B5C-43D2-89E8-A1A44FA96583"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.2:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1652215-60F2-4530-9F8C-5A01912DBC6C"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.2.1:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "242B6FAC-8245-4EA5-A024-26C489D2D809"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0491512-1DA2-4F72-937D-52D2808BC98D"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.1:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF200BD7-DF02-43C3-826D-E2A78F4C89F5"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.2:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "267F655E-C038-4823-A355-0AF79D275FE8"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.3:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "874F5241-9A0A-4981-83E1-7C379D2FF556"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.4:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFB4ED20-EC5E-4B19-9AE4-95647DB6B3AE"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.5:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F483F5AA-4232-4B70-A06A-64A99479DCEE"
          },
          {
            "criteria": "cpe:2.3:a:ncrafts:formcraft:1.3.6:-:-:*:-:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "955504E9-630A-413F-B1E0-B4C37FEF1720"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References