FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- remote sql injection vulnerability

Affected packages
wordpress < 2.2.3,1
de-wordpress < 2.2.3
zh-wordpress < 2.2.3
wordpress-mu < 1.2.4,2


VuXML ID 63347ee7-6841-11dc-82b6-02e0185f8d72
Discovery 2007-09-10
Entry 2007-09-21

Alexander Concha reports:

While testing WordPress, a SQL Injection vulnerability has been discovered that allows an attacker to remotely retrieve any user credentials from a vulnerable site. This bug is caused by early database escaping and the lack of validation in query-string-like parameters.


CVE Name CVE-2007-4894