Description
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
Remediation
References
Related Vulnerabilities
Squid Improper Certificate Validation Vulnerability (CVE-2021-41611)
WordPress Plugin Multisite Global Search 'mssearch' Parameter Cross-Site Scripting (1.2.5)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.14)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)