CVE-2007-4894
Published: Sep 14, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- ADV-2007-3132 (vdb-entry, x_refsource_VUPEN)
- wordpress-wordpressmu-pingback-sql-injection(36578) (vdb-entry, x_refsource_XF)
- FEDORA-2007-2143 (vendor-advisory, x_refsource_FEDORA)
- http://wordpress.org/development/2007/09/wordpress-223/ (x_refsource_CONFIRM)
- 26771 (third-party-advisory, x_refsource_SECUNIA)
- http://trac.wordpress.org/ticket/4770 (x_refsource_CONFIRM)
- https://bugzilla.redhat.com/show_bug.cgi?id=285831 (x_refsource_MISC)
- 26796 (third-party-advisory, x_refsource_SECUNIA)