You are here: Home / Exploits / Mingle Forum

Mingle Forum

February 21, 2013 By
Name: Mingle Forum
Type: SQL Injection
Exploit version: 1.0.33.3
Release Date: 20-02-2013
Status: A new version of Mingle Forum has been released  •

Description:
1) Input passed to the "search_words" POST parameter in index.php (when "page_id" is set to a valid forum page id and "mingleforumaction" is set to "search") is not properly sanitised in wp-content/plugins/mingle-forum/wpf.class.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "togroupusers" POST parameter in wp-admin/admin.php (when "page" is set to "mfgroups", "usergroup" is set to a valid group ID, and "add_user_togroup" is set) is not properly sanitised in wp-content/plugins/mingle-forum/fs-admin/fs-admin.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the "id" parameter to index.php (when "page_id" is set to a valid forum page id, "mingleforumaction" is set to "viewtopic", "t" is set to e.g. "1.0", and "remove_post" is set) is not properly sanitised in wp-content/plugins/mingle-forum/wpf.class.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) Input passed via the "id" parameter to index.php (when "page_id" is set to a valid forum page id, "mingleforumaction" is set to "viewtopic", "t" is set to e.g. "1.0", and "sticky" is set) is not properly sanitised in wp-content/plugins/mingle-forum/wpf.class.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

5) Input passed via the "id" parameter to index.php (when "page_id" is set to a valid forum page id, "mingleforumaction" is set to "viewtopic", "t" is set to e.g. "1.0", and "closed" is set) is not properly sanitised in wp-content/plugins/mingle-forum/wpf.class.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

6) Input passed via the "thread" parameter to index.php (when "page_id" is set to a valid forum page id and "mingleforumaction" is set to "postreply") is not properly sanitised in wp-content/plugins/mingle-forum/wpf.class.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.



Plugin Information

  1. Downloaded: 314548 Times
  2. Current Version: 1.0.34
  3. Author: Profile
  4. Tested up to: 3.5.1
  5. Download Plugin

Security Information

  1. Secunia ID: 52167
  2. Credit: Secunia Research
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository
Filed Under: Exploits Tagged With: ,