Описание
WordPress 0.7 (b2 cafelog code) allows SQL injection. / Blog.header.php. $ posts not converted to an integer, so we can inject sql in this variable. In MySQL 4.x can use UNION and subselects to obtain privileges.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | not-affected | 2.3.3-1ubuntu1 |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | released | 0.80 |
Показывать по
10
EPSS
Процентиль: 77%
0.01082
Низкий
7.5 High
CVSS2
Связанные уязвимости
nvd
почти 11 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
debian
почти 11 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...
github
больше 3 лет назад
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
EPSS
Процентиль: 77%
0.01082
Низкий
7.5 High
CVSS2