
CVE-2007-1897

Published: 09/04/2007 Updated: 11/10/2017
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

Vulnerable Product

wordpress wordpress

wordpress wordpress 2.1

wordpress wordpress 2.1.1

Vendor Advisories

CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression ...

Exploits

#!/usr/bin/perl -w
#Wordpress 2.1.2 SQL Injection POC
#Credits: sid@notsosecure.com
#Thanks to ferruh (ferruh@mavituna.com) for improving my exploitation skills
#website: www.notsosecure.com
#Wordpress version 2.1.2 is vulnerable to sql injection. This POC works when exploiting with the credentials of a valid user. The user can belong to 'contribu ...