Description

Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

Remediation

References

CVE-2007-4894

Related Vulnerabilities

Oracle Application Server CVE-2009-0989 Vulnerability (CVE-2009-0989)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Arbitrary File Upload (1.3.3.2)

WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)

WordPress Plugin Chained Quiz Cross-Site Scripting (0.9.9)

MySQL CVE-2021-35628 Vulnerability (CVE-2021-35628)

Severity

High

Classification

CVE-2007-4894 CWE-138

Tags

Missing Update Known Vulnerabilities