Description

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Remediation

References

CVE-2006-1012

Related Vulnerabilities

Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)

WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.1.9)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5597)

WordPress Plugin DukaPress PHP Object Injection (3.1.20)

Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966)

Severity

High

Classification

CVE-2006-1012

Tags

Missing Update Known Vulnerabilities