Description

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Remediation

References

CVE-2006-1012

Related Vulnerabilities

WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)

WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8)

WordPress Plugin DJ EmailPublish Cross-Site Scripting (1.7.2)

qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18468)

WordPress Plugin Gmedia Photo Gallery Multiple Cross-Site Scripting Vulnerabilities (1.18.4)

Severity

High

Classification

CVE-2006-1012

Tags

Missing Update Known Vulnerabilities