Description

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.

Remediation

References

CVE-2006-1012

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2014-3941)

WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.6.2)

MySQL CVE-2017-3647 Vulnerability (CVE-2017-3647)

Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.15)

Severity

High

Classification

CVE-2006-1012

Tags

Missing Update Known Vulnerabilities