Description

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

Remediation

References

CVE-2010-4257

Related Vulnerabilities

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.33)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)

WordPress Plugin FormCraft-Premium WordPress Form Builder Cross-Site Scripting (3.2.31)

Oracle Database Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)

Severity

Medium

Classification

CVE-2010-4257 CWE-138

Tags

Missing Update Known Vulnerabilities