Description

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Remediation

References

CVE-2006-1012

Related Vulnerabilities

WordPress Plugin WPtouch 'wptouch_redirect' Parameter URI Redirection (1.9.32)

WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)

WordPress Plugin Wp2android-webapp native mobile app builder free (android, IOs, Winphone mobile App) Arbitrary File Upload (1.1.4)

Oracle Database Server CVE-2009-1973 Vulnerability (CVE-2009-1973)

Joomla! Core 3.x.x Multiple Cross-Site Request Forgery Vulnerabilities (3.2.0 - 3.9.15)

Severity

High

Classification

CVE-2006-1012

Tags

Missing Update Known Vulnerabilities