SQL Injection in Ncrafts Formcraft
CVE-2013-7187
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Vulnerability class: SQL Injection
EPSS: 0.048 (90.8th percentile)
Affected products
- Ncrafts Formcraft — versions 1.1, 1.2, 1.2.1
Frequently asked questions
- What is CVE-2013-7187?
- CVE-2013-7187 is a vulnerability in Ncrafts Formcraft, classified under SQL Injection. Published 2013-12-20.
- Is CVE-2013-7187 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.