Описание
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2003-1598
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12204
- http://osvdb.org/show/osvdb/4610
- http://seclists.org/oss-sec/2012/q1/77
- http://secunia.com/advisories/8954
- http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
- http://www.securityfocus.com/bid/7784
Связанные уязвимости
WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...