NA

CVE-2011-4899

Published: 30/01/2012 Updated: 31/01/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not ensure that the specified MySQL database service is appropriate, which allows remote malicious users to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 3.2.1

wordpress wordpress 3.1.4

wordpress wordpress 3.1.3

wordpress wordpress 3.1.2

wordpress wordpress 2.8.5

wordpress wordpress 2.8.4

wordpress wordpress 2.8.3

wordpress wordpress 2.8.2

wordpress wordpress 2.3.2

wordpress wordpress 2.3.1

wordpress wordpress 2.3

wordpress wordpress 2.2.3

wordpress wordpress 2.0.11

wordpress wordpress 2.1.1

wordpress wordpress 2.0.2

wordpress wordpress 2.1

wordpress wordpress 2.0.4

wordpress wordpress 3.0.2

wordpress wordpress 0.711

wordpress wordpress 0.7

wordpress wordpress 3.0.1

wordpress wordpress 0.71

wordpress wordpress 2.6.3

wordpress wordpress 2.0.5

wordpress wordpress 2.6.5

wordpress wordpress 0.72

wordpress wordpress 3.0.4

wordpress wordpress 2.6.2

wordpress wordpress 2.0.3

wordpress wordpress 2.6.1

wordpress wordpress 1.5.1.2

wordpress wordpress 1.2.2

wordpress wordpress 2.0.10

wordpress wordpress 1.5

wordpress wordpress 1.5.1

wordpress wordpress 3.0.3

wordpress wordpress 3.0.5

wordpress wordpress 2.8.6

wordpress wordpress 2.0

wordpress wordpress 2.0.6

wordpress wordpress 2.0.1

wordpress wordpress 2.2

wordpress wordpress 1.2.1

wordpress wordpress 2.1.3

wordpress wordpress 3.0

wordpress wordpress 2.8

wordpress wordpress 2.0.7

wordpress wordpress 2.1.2

wordpress wordpress 2.7.1

wordpress wordpress 2.2.2

wordpress wordpress 2.3.3

wordpress wordpress 2.0.9

wordpress wordpress 2.8.1

wordpress wordpress 2.2.1

wordpress wordpress 2.7

wordpress wordpress 1.5.2

wordpress wordpress

wordpress wordpress 1.0.1

wordpress wordpress 2.9

wordpress wordpress 3.1

wordpress wordpress 1.0.2

wordpress wordpress 2.5.1

wordpress wordpress 1.2

wordpress wordpress 3.0.6

wordpress wordpress 2.9.2

wordpress wordpress 2.5

wordpress wordpress 3.1.1

wordpress wordpress 2.9.1

wordpress wordpress 1.0

wordpress wordpress 3.3

wordpress wordpress 1.5.1.3

wordpress wordpress 2.6

wordpress wordpress 2.0.8

Exploits

Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress wwwtrustwavecom/spiderlabs/advisories/TWSL2012-002txt Published: 1/24/12 Version: 10 Vendor: WordPress (wordpressorg/) Product: WordPress Version affected: 331 and prior Product description: WordPress is a free and open source blog ...

Mailing Lists

HTTP requests flooding an Elipse E3 Scada PLC triggers a denial of service condition ...
WordPress versions 331 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities ...