Published: 30/01/2012 Updated: 11/04/2024

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and previous versions does not ensure that the specified MySQL database service is appropriate, which allows remote malicious users to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 3.0.5
wordpress wordpress 2.0.11
wordpress wordpress 2.8.6
wordpress wordpress 2.0
wordpress wordpress 2.1.1
wordpress wordpress 2.2.3
wordpress wordpress 2.0.2
wordpress wordpress 2.1
wordpress wordpress 2.0.6
wordpress wordpress 2.0.1
wordpress wordpress 2.8.4
wordpress wordpress 2.0.4
wordpress wordpress 3.0.2
wordpress wordpress 3.2.1
wordpress wordpress 0.711
wordpress wordpress 3.1.4
wordpress wordpress 2.2
wordpress wordpress 1.2.1
wordpress wordpress 0.7
wordpress wordpress 2.1.3
wordpress wordpress 3.0
wordpress wordpress 2.8
wordpress wordpress 2.0.7
wordpress wordpress 2.1.2
wordpress wordpress 3.0.1
wordpress wordpress 2.7.1
wordpress wordpress 0.71
wordpress wordpress 2.6.3
wordpress wordpress 2.0.5
wordpress wordpress 2.8.3
wordpress wordpress 2.6.5
wordpress wordpress 3.1.3
wordpress wordpress 2.2.2
wordpress wordpress 2.3.3
wordpress wordpress 2.0.9
wordpress wordpress 2.8.1
wordpress wordpress 2.2.1
wordpress wordpress 2.7
wordpress wordpress 1.5.2
wordpress wordpress
wordpress wordpress 1.0.1
wordpress wordpress 0.72
wordpress wordpress 3.0.4
wordpress wordpress 2.6.2
wordpress wordpress 2.9
wordpress wordpress 3.1
wordpress wordpress 2.3.1
wordpress wordpress 1.0.2
wordpress wordpress 2.5.1
wordpress wordpress 2.0.3
wordpress wordpress 2.6.1
wordpress wordpress 1.5.1.2
wordpress wordpress 3.1.2
wordpress wordpress 1.2
wordpress wordpress 3.0.6
wordpress wordpress 2.9.2
wordpress wordpress 2.5
wordpress wordpress 3.1.1
wordpress wordpress 1.2.2
wordpress wordpress 2.0.10
wordpress wordpress 2.9.1
wordpress wordpress 1.0
wordpress wordpress 3.3
wordpress wordpress 1.5
wordpress wordpress 2.8.2
wordpress wordpress 1.5.1
wordpress wordpress 3.0.3
wordpress wordpress 1.5.1.3
wordpress wordpress 2.3.2
wordpress wordpress 2.6
wordpress wordpress 2.8.5
wordpress wordpress 2.0.8
wordpress wordpress 2.3

Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress wwwtrustwavecom/spiderlabs/advisories/TWSL2012-002txt Published: 1/24/12 Version: 10 Vendor: WordPress (wordpressorg/) Product: WordPress Version affected: 331 and prior Product description: WordPress is a free and open source blog ...

WordPress versions 331 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities ...

HTTP requests flooding an Elipse E3 Scada PLC triggers a denial of service condition ...

NVD-CWE-noinfo http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html http://www.exploit-db.com/exploits/18417 https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt https://nvd.nist.gov https://www.exploit-db.com/exploits/18417/

CVE-2011-4899

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect