Description

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

Remediation

References

CVE-2005-2108

Related Vulnerabilities

WebLogic CVE-2020-2966 Vulnerability (CVE-2020-2966)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43945)

ownCloud Improper Authentication Vulnerability (CVE-2014-9045)

WordPress Plugin Uploader 'uploadify.php' Arbitrary File Upload (1.0.4)

WordPress Plugin Esponce QR Code Generator Cross-Site Scripting (1.4)

Severity

High

Classification

CVE-2005-2108

Tags

Missing Update Known Vulnerabilities