
CVE-2008-4106

Published: 18/09/2008 Updated: 11/10/2018
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

WordPress prior to 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote malicious users to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
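The two defects in the summary combine into one collision: the database silently truncates an over-long username to the column width instead of rejecting it, and the username comparison ignores trailing spaces, so a freshly registered login can be stored as a string that matches an existing user. The following Python is an added defensive example, not WordPress code and not part of the original record. It models the two MySQL behaviours (non-strict truncation, PAD SPACE comparison) so the collision can be reproduced offline, and shows the registration-time check a defender would want: reject logins that exceed the column width and reject any login that collides with an existing one after whitespace normalization. The column width (60) and the case-folding in the collision check are assumptions, not values from the record.

```python
import re
from typing import Iterable, Tuple

# Assumed width of the user_login column (WordPress defines it as VARCHAR(60);
# the CVE text gives no number, so treat this constant as an assumption).
USER_LOGIN_MAX = 60


def mysql_nonstrict_store(value: str, width: int) -> str:
    """Model MySQL without STRICT_TRANS_TABLES: an over-long value is silently
    cut to the column width and only a warning is raised, which the application
    never sees unless it checks for it."""
    return value[:width]


def mysql_padspace_equal(a: str, b: str) -> bool:
    """Model a PAD SPACE collation: trailing spaces do not take part in
    string comparison, so 'admin' and 'admin   ' compare equal."""
    return a.rstrip(" ") == b.rstrip(" ")


def normalize_login(login: str) -> str:
    """Canonical form used only for collision checks: trim, collapse internal
    whitespace runs, case-fold (case-folding is an assumed, stricter policy)."""
    return re.sub(r"\s+", " ", login.strip()).casefold()


def validate_registration(requested: str,
                          existing_logins: Iterable[str]) -> Tuple[bool, str]:
    """Return (accepted, reason) for a registration request.

    Rejects logins that would be truncated on insert, logins carrying
    leading/trailing whitespace, and logins that collide with an existing
    account after normalization. Together these cover both variants the
    advisory describes (column truncation and space-insensitive comparison).
    """
    if len(requested) > USER_LOGIN_MAX:
        return False, "login exceeds column width and would be truncated on insert"
    if requested != requested.strip():
        return False, "leading or trailing whitespace is not allowed in a login"
    canon = normalize_login(requested)
    for existing in existing_logins:
        if normalize_login(existing) == canon:
            return False, f"collides with existing login {existing!r}"
    return True, "ok"


def demo() -> Tuple[bool, bool, str]:
    """Constructed scenario: one existing account, one colliding registration.

    Returns (collides_in_db, accepted_by_check, reason) so the reader can see
    that the unchecked insert would collide while the check rejects it."""
    existing = ["admin"]
    # Constructed input: the victim login, padded with spaces past the column
    # width so that the database, not the application, decides what is stored.
    colliding_login = "admin" + " " * (USER_LOGIN_MAX - len("admin")) + "x"

    # What a non-strict MySQL would actually store: "admin" followed by spaces.
    stored = mysql_nonstrict_store(colliding_login, USER_LOGIN_MAX)
    # A password-reset lookup under a PAD SPACE collation then matches the victim.
    collides_in_db = mysql_padspace_equal(stored, "admin")

    accepted, reason = validate_registration(colliding_login, existing)
    return collides_in_db, accepted, reason


if __name__ == "__main__":
    collides, accepted, reason = demo()
    print(f"unchecked insert collides with victim: {collides}")
    print(f"registration accepted by validation: {accepted} ({reason})")
```

The application-side length check is the part WordPress 2.6.2 needed; the database-side complement is running MySQL with `STRICT_TRANS_TABLES` in `sql_mode`, which turns the silent truncation warning into an insert error. Either one alone breaks the chain; a sensible deployment has both.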

Vulnerable Products

wordpress wordpress (version unspecified)
wordpress wordpress 0.71-gold
wordpress wordpress 1.0-platinum
wordpress wordpress 1.0.1-miles
wordpress wordpress 1.0.2-blakey
wordpress wordpress 1.2-delta
wordpress wordpress 1.2-mingus
wordpress wordpress 1.2.1
wordpress wordpress 1.2.2
wordpress wordpress 1.5-strayhorn
wordpress wordpress 1.5.1.1
wordpress wordpress 1.5.1.2
wordpress wordpress 1.5.1.3
wordpress wordpress 1.5.2
wordpress wordpress 2.0
wordpress wordpress 2.0.1
wordpress wordpress 2.0.4
wordpress wordpress 2.0.5
wordpress wordpress 2.0.6
wordpress wordpress 2.0.7
wordpress wordpress 2.0.9
wordpress wordpress 2.0.10
wordpress wordpress 2.0.11
wordpress wordpress 2.1
wordpress wordpress 2.1.1
wordpress wordpress 2.1.2
wordpress wordpress 2.1.3
wordpress wordpress 2.2
wordpress wordpress 2.2.1
wordpress wordpress 2.2.2
wordpress wordpress 2.2.3
wordpress wordpress 2.5
wordpress wordpress 2.5.1
wordpress wordpress 2.6

Vendor Advisories

Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks. CVE-2008-6767 It was discovered that remot ...
Debian Bug report logs - #504771 wordpress can be subject of delayed attacks via cookies Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Raphael Geissert <atomo64@gmail.com> Date: Fri, 7 Nov 2008 02:42:04 UTC S ...
Debian Bug report logs - #500115 CVE-2008-4106: WordPress allows remote attackers to change an arbitrary user's password to a random value Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritsch.de ...
Debian Bug report logs - #536724 wordpress: CORE-2009-0515 privileges unchecked and multiple information disclosures Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: "Michael S Gilbert" <michaelsgilbert@gmail.com> ...
Debian Bug report logs - #531736 CVE-2008-6767, CVE-2008-6762 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debian.org>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> Date: Wed, 3 Jun 2009 17:27:02 UTC Severity: normal Tags: s ...