Description

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

Remediation

References

CVE-2007-3140

Related Vulnerabilities

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)

WordPress Plugin Klaviyo Cross-Site Scripting (3.0.9)

Jenkins CVE-2013-0158 Vulnerability (CVE-2013-0158)

SugarCRM Gain Sensitive Information Vulnerability (CVE-2004-1226)

Severity

Medium

Classification

CVE-2007-3140

Tags

Missing Update Known Vulnerabilities