Description

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

Remediation

References

CVE-2007-3140

Related Vulnerabilities

WordPress Plugin Page Restrict Open Redirect (2.2.3)

WordPress Plugin Simplelife Cross-Site Request Forgery (1.2)

WordPress 4.4.x Denial of Service Vulnerability (4.4 - 4.4.14)

WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter SQL Injection (2.6.7.6)

Apache Tomcat Other Vulnerability (CVE-2002-1895)

Severity

Medium

Classification

CVE-2007-3140

Tags

Missing Update Known Vulnerabilities