Lucene search

[email protected]CVE-2007-1897

HistoryApr 09, 2007 - 8:19 p.m.

CVE-2007-1897

2007-04-0920:19:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-1897

sql injection

xmlrpc

wordpress

nvd

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.1%

JSON

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

CPENameOperatorVersion
wordpress:wordpresswordpresseq2.1.1
wordpress:wordpresswordpresseq2.1
wordpress:wordpresswordpressle2.1.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	eq	2.1.1
wordpress:wordpress	wordpress	eq	2.1
wordpress:wordpress	wordpress	le	2.1.2

References

secunia.com/advisories/24751

secunia.com/advisories/25108

trac.wordpress.org/ticket/4091

www.debian.org/security/2007/dsa-1285

www.notsosecure.com/folder2/2007/04/03/wordpress-212-xmlrpc-security-issues/

www.securityfocus.com/bid/23294

www.vupen.com/english/advisories/2007/1245

www.exploit-db.com/exploits/3656

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for CVE-2007-1897

ubuntucve2 prion2 debiancve2 patchstack1 wpvulndb1 cve1 osv1 debian2 nessus1 openvas1 securityvulns1