Test ID:	1.3.6.1.4.1.25623.1.0.802006
Category:	Web application abuses
Title:	WordPress WP Forum Server 'topic' Parameter SQL Injection Vulnerability
Summary:	The WordPress plugin 'WP Forum Server' is prone to an SQL injection (SQLi) vulnerability.
Description:	Summary: The WordPress plugin 'WP Forum Server' is prone to an SQL injection (SQLi) vulnerability. Vulnerability Insight: The flaws are caused by improper validation of user-supplied input via the 'topic' parameter to '/wp-content/plugins/forum-server/feed.php', which allows attackers to manipulate SQL queries by injecting arbitrary SQL code. Vulnerability Impact: Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information. Affected Software/OS: WP Forum Server WordPress plugin 1.6.5 Solution: Update to WP Forum Server WordPress plugin version 1.6.6 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1047 BugTraq ID: 46362 http://www.securityfocus.com/bid/46362 Bugtraq: 20110210 HTB22851: SQL Injection in WP Forum Server wordpress plugin (Google Search) http://www.securityfocus.com/archive/1/516402/100/0/threaded Bugtraq: 20110210 HTB22852: SQL Injection in WP Forum Server wordpress plugin (Google Search) http://www.securityfocus.com/archive/1/516400/100/0/threaded http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin.html http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_1.html http://www.htbridge.ch/advisory/sql_injection_in_wp_forum_server_wordpress_plugin_2.html http://osvdb.org/70993 http://osvdb.org/70994 http://secunia.com/advisories/43306 http://securityreason.com/securityalert/8099
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.