Описание
WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | not-affected | 2.3.3-1ubuntu1 |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | released | 0.80 |
Показывать по
10
7.5 High
CVSS2
Связанные уязвимости
nvd
больше 10 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
debian
больше 10 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...
github
около 3 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
7.5 High
CVSS2