QwikSec

Security Database

CVE

CWE

Training

CVE-2007-4154

Published: Aug 3, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

wordpress-options-sql-injection(35719)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_DEBIAN

http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.