CVE-2012-2109

SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:buddypress:buddypress:1.5:*:*:*:*:*:*:*
cpe:2.3:a:buddypress:buddypress:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:buddypress:buddypress:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:buddypress:buddypress:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:buddypress:buddypress:1.5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:buddypress:buddypress:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-09-04 20:55

Updated : 2024-02-04 18:16


NVD link : CVE-2012-2109

Mitre link : CVE-2012-2109

CVE.ORG link : CVE-2012-2109


JSON object : View

Products Affected

wordpress

  • wordpress

buddypress

  • buddypress
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')