CVE-2007-4894 in WordpressИнформация

Сводка

по MITRE

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Резервировать

14.09.2007

Раскрытие

14.09.2007

Модерация

принято

Вход

VDB-38783

EPSS

0.03637

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!