Description

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

Remediation

References

CVE-2007-4894

Related Vulnerabilities

Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9889)

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Cross-Site Request Forgery (3.2.0)

Oracle Database Server CVE-2014-6453 Vulnerability (CVE-2014-6453)

WordPress Plugin Yoast SEO Cross-Site Scripting (2.1.1)

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

Severity

High

Classification

CVE-2007-4894 CWE-138

Tags

Missing Update Known Vulnerabilities