QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5611

Published: Jan 30, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20170128 Re: CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

https://codex.wordpress.org/Version_4.7.2

x_refsource_CONFIRM

https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

x_refsource_CONFIRM

https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb

x_refsource_CONFIRM

https://wpvulndb.com/vulnerabilities/8730

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.