Published: 08/06/2007 Updated: 19/10/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 2.2

Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...

Debian Bug report logs - #428073 [CVE-2007-3140] remote SQL injection vulnerability in xmlrpcphp Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Fri, 8 Jun 2007 16:45:01 UT ...

/* El error, bastante tonto por cierto, se encuentra en la funciÃ³n wp_suggestCategories, en el archivo xmlrpcphp: function wp_suggestCategories($args) { global $wpdb; $this->escape($args); $blog_id = (int) $args[0]; $username = $args[1]; $passw ...

NVD-CWE-Other http://www.securityfocus.com/bid/24344 http://secunia.com/advisories/25552 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.021.html http://osvdb.org/36321 http://www.vupen.com/english/advisories/2007/2099 https://exchange.xforce.ibmcloud.com/vulnerabilities/34746 https://www.exploit-db.com/exploits/4039 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085 https://www.exploit-db.com/exploits/4039/

CVE-2007-3140

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect