Wpsymposium : Security Vulnerabilities, CVEs,

CVE-2015-6522

Public exploit
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
Max CVSS
7.5
EPSS Score
97.06%
Published
2015-08-19
Updated
2016-12-09

CVE-2015-3325

SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
Max CVSS
7.5
EPSS Score
0.12%
Published
2015-05-15
Updated
2015-06-25

CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using (1) uploadify/upload_admin_avatar.php or (2) uploadify/upload_profile_avatar.php, then accessing it via a direct request to the file in an unspecified directory inside the webroot.
Max CVSS
7.5
EPSS Score
8.61%
Published
2012-01-04
Updated
2017-08-29
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close