CVE-2015-3325

WP Symposium <15.4 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.

Exploits (1)

exploitdb WRITEUP
by Hannes Trunde · textwebappsphp
https://www.exploit-db.com/exploits/37080

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74237
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37080/

Scores

EPSS 0.0190
EPSS Percentile 83.4%

Details

CWE
CWE-89
Status published
Products (1)
wpsymposium/wp_symposium < 15.2
Published May 15, 2015
Tracked Since Feb 18, 2026