Description

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.

Remediation

References

CVE-2007-4154

Related Vulnerabilities

Oracle JRE CVE-2022-21366 Vulnerability (CVE-2022-21366)

osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-42235)

Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)

Grafana Cleartext Storage of Sensitive Information Vulnerability (CVE-2022-26148)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4946)

Severity

Medium

Classification

CVE-2007-4154

Tags

Missing Update Known Vulnerabilities