CVE-2012-2109
BuddyPress 1.5.x < 1.5.5 - SQL Injection via Activity Widget Filter Page Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-2109. PoCs published by Ivan Terkin.
AI-analyzed exploit summary: This exploit demonstrates a remote SQL injection vulnerability in the BuddyPress plugin for WordPress versions up to 1.5.5. The exploit manipulates the 'exclude' parameter in a POST request to inject a UNION-based SQL payload, potentially allowing unauthorized data retrieval.
Description
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 for WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.