QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4106

Published: Sep 18, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

exploit

x_refsource_EXPLOIT-DB

[oss-security] 20080916 Re: CVE request: wordpress < 2.6.2

mailing-list

x_refsource_MLIST

http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20080911 CVE request: wordpress < 2.6.2

mailing-list

x_refsource_MLIST

http://www.sektioneins.de/advisories/SE-2008-05.txt

x_refsource_MISC

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

FEDORA-2008-7902

vendor-advisory

x_refsource_FEDORA

FEDORA-2008-7760

vendor-advisory

x_refsource_FEDORA

http://wordpress.org/development/2008/09/wordpress-262/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.