CVE-2007-4894 in Wordpressinfo

Zusammenfassung

von MITRE

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

14.09.2007

Veröffentlichung

14.09.2007

Moderieren

akzeptiert

Eintrag

VDB-38783

CPE

bereit

EPSS

0.03637

KEV

nein

Aktivitäten

very low

Quellen

Might our Artificial Intelligence support you?

Check our Alexa App!