Description

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Remediation

References

CVE-2006-1012

Related Vulnerabilities

WordPress Plugin Knews Multilingual Newsletters 'ff' Parameter Cross-Site Scripting (1.1.0)

WordPress Plugin 3D Product configurator for WooCommerce Arbitrary File Upload (1.5.531)

WordPress Plugin Duplicate Post Cross-Site Scripting (2.6)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-9850)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (3.01)

Severity

High

Classification

CVE-2006-1012

Tags

Missing Update Known Vulnerabilities