Description

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

Remediation

References

CVE-2005-2108

Related Vulnerabilities

WordPress Plugin W3 Total Cache Information Disclosure (0.9.2.4)

MySQL CVE-2019-2634 Vulnerability (CVE-2019-2634)

OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1547)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15729)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder SQL Injection (1.29.2)

Severity

High

Classification

CVE-2005-2108

Tags

Missing Update Known Vulnerabilities