CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2013-7187

HIGH
7.5
CVSS Severity Score
EPSS Score0.1940%
EPSS Percentile39.52th
Published2013年12月20日
Last Modified2026年4月29日

Vulnerability Description

SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

📦
Ncrafts

Formcraft

<= 1.3.7
📦
Ncrafts

Formcraft

= 1.1
📦
Ncrafts

Formcraft

= 1.2
📦
Ncrafts

Formcraft

= 1.2.1
📦
Ncrafts

Formcraft

= 1.3
📦
Ncrafts

Formcraft

= 1.3.1
📦
Ncrafts

Formcraft

= 1.3.2
📦
Ncrafts

Formcraft

= 1.3.3
📦
Ncrafts

Formcraft

= 1.3.4
📦
Ncrafts

Formcraft

= 1.3.5
📦
Ncrafts

Formcraft

= 1.3.6

References & Advisories

🔗 http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
🔗 http://secunia.com/advisories/56044
🔗 http://www.exploit-db.com/exploits/30002
🔗 http://www.securityfocus.com/bid/64183
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/89581
🔗 http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt
🔗 http://secunia.com/advisories/56044
🔗 http://www.exploit-db.com/exploits/30002

相關漏洞威脅

CVE-2017-131379.8

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

CVE-2019-59208.8

Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and earlier allows remote attackers to hijack the authenticatio...

CVE-2019-151148.8

The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.

CVE-2013-136810.0

Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x befo...