CyberSec.Space Logo
CVEブラウザに戻る

CVE-2013-7187

HIGH
7.5
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile39.52th
Published2013年12月20日
Last Modified2026年4月29日

Vulnerability Description

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

📦
Ncrafts

Formcraft

<= 1.3.7
📦
Ncrafts

Formcraft

= 1.1
📦
Ncrafts

Formcraft

= 1.2
📦
Ncrafts

Formcraft

= 1.2.1
📦
Ncrafts

Formcraft

= 1.3
📦
Ncrafts

Formcraft

= 1.3.1
📦
Ncrafts

Formcraft

= 1.3.2
📦
Ncrafts

Formcraft

= 1.3.3
📦
Ncrafts

Formcraft

= 1.3.4
📦
Ncrafts

Formcraft

= 1.3.5
📦
Ncrafts

Formcraft

= 1.3.6

References & Advisories

🔗 http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
🔗 http://secunia.com/advisories/56044
🔗 http://www.exploit-db.com/exploits/30002
🔗 http://www.securityfocus.com/bid/64183
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/89581
🔗 http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
🔗 http://secunia.com/advisories/56044
🔗 http://www.exploit-db.com/exploits/30002

関連する脆弱性情報

CVE-2017-131379.8

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

CVE-2019-59208.8

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authenticatio...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-138510.0

Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to by...