Description

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

Remediation

References

CVE-2010-4257

Related Vulnerabilities

WordPress Plugin Invit0r 'ofc_upload_image.php' Arbitrary File Upload (0.22)

WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (8.1.12)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6148)

WordPress Plugin WP-Members Membership Multiple Cross-Site Scripting Vulnerabilities (2.8.9)

WordPress Plugin CiviCRM Multiple Cross-Site Scripting Vulnerabilities (5.35.0)

Severity

Medium

Classification

CVE-2010-4257 CWE-138

Tags

Missing Update Known Vulnerabilities