Description

SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.

Remediation

References

CVE-2007-4154

Related Vulnerabilities

PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)

WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.34)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-31618)

WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)

Severity

Medium

Classification

CVE-2007-4154

Tags

Missing Update Known Vulnerabilities