CVE-2012-6520

Wikidforum 2.10 - SQL Injection via Advanced Search Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6520. PoCs published by Stefan Schurtz.

AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in Wikidforum 2.10, specifically in the 'select_sort' and 'opt_search_select' POST parameters during advanced searches. It lacks executable exploit code but details the attack vectors.

Description

Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stefan Schurtz · text · webapps · php
https://www.exploit-db.com/exploits/36946

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Wikidforum 2.10
No auth needed
Prerequisites: Access to the advanced search functionality
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73980
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/13/4
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0046.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/12/12
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52425
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/04/15/1

Scores

EPSS 0.0127
EPSS Percentile 66.0%

Details

CWE CWE-89
Status published
Products (1)
wikidforum/wikidforum 2.10
Published Jan 24, 2013
Tracked Since Feb 18, 2026