Description

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

Remediation

References

CVE-2005-2108

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-1522)

WordPress Plugin Event post Local File Inclusion (5.9.5)

WordPress Plugin YITH Maintenance Mode Multiple Cross-Site Scripting Vulnerabilities (1.3.8)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Cross-Site Scripting (1.5.4)

WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)

Severity

High

Classification

CVE-2005-2108

Tags

Missing Update Known Vulnerabilities