Lucene search
HistoryJan 30, 2012 - 5:55 p.m.
CVE-2011-4899
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
High
EPSS
0.038
Percentile
92.0%
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments
Affected configurations
Node
wordpresswordpressRange≤3.3.1
ORwordpresswordpressMatch0.7
ORwordpresswordpressMatch0.71
ORwordpresswordpressMatch0.72
ORwordpresswordpressMatch0.711
ORwordpresswordpressMatch1.0
ORwordpresswordpressMatch1.0.1
ORwordpresswordpressMatch1.0.2
ORwordpresswordpressMatch1.2
ORwordpresswordpressMatch1.2.1
ORwordpresswordpressMatch1.2.2
ORwordpresswordpressMatch1.5
ORwordpresswordpressMatch1.5.1
ORwordpresswordpressMatch1.5.1.2
ORwordpresswordpressMatch1.5.1.3
ORwordpresswordpressMatch1.5.2
ORwordpresswordpressMatch2.0
ORwordpresswordpressMatch2.0.1
ORwordpresswordpressMatch2.0.2
ORwordpresswordpressMatch2.0.3
ORwordpresswordpressMatch2.0.4
ORwordpresswordpressMatch2.0.5
ORwordpresswordpressMatch2.0.6
ORwordpresswordpressMatch2.0.7
ORwordpresswordpressMatch2.0.8
ORwordpresswordpressMatch2.0.9
ORwordpresswordpressMatch2.0.10
ORwordpresswordpressMatch2.0.11
ORwordpresswordpressMatch2.1
ORwordpresswordpressMatch2.1.1
ORwordpresswordpressMatch2.1.2
ORwordpresswordpressMatch2.1.3
ORwordpresswordpressMatch2.2
ORwordpresswordpressMatch2.2.1
ORwordpresswordpressMatch2.2.2
ORwordpresswordpressMatch2.2.3
ORwordpresswordpressMatch2.3
ORwordpresswordpressMatch2.3.1
ORwordpresswordpressMatch2.3.2
ORwordpresswordpressMatch2.3.3
ORwordpresswordpressMatch2.5
ORwordpresswordpressMatch2.5.1
ORwordpresswordpressMatch2.6
ORwordpresswordpressMatch2.6.1
ORwordpresswordpressMatch2.6.2
ORwordpresswordpressMatch2.6.3
ORwordpresswordpressMatch2.6.5
ORwordpresswordpressMatch2.7
ORwordpresswordpressMatch2.7.1
ORwordpresswordpressMatch2.8
ORwordpresswordpressMatch2.8.1
ORwordpresswordpressMatch2.8.2
ORwordpresswordpressMatch2.8.3
ORwordpresswordpressMatch2.8.4
ORwordpresswordpressMatch2.8.5
ORwordpresswordpressMatch2.8.6
ORwordpresswordpressMatch2.9
ORwordpresswordpressMatch2.9.1
ORwordpresswordpressMatch2.9.2
ORwordpresswordpressMatch3.0
ORwordpresswordpressMatch3.0.1
ORwordpresswordpressMatch3.0.2
ORwordpresswordpressMatch3.0.3
ORwordpresswordpressMatch3.0.4
ORwordpresswordpressMatch3.0.5
ORwordpresswordpressMatch3.0.6
ORwordpresswordpressMatch3.1
ORwordpresswordpressMatch3.1.1
ORwordpresswordpressMatch3.1.2
ORwordpresswordpressMatch3.1.3
ORwordpresswordpressMatch3.1.4
ORwordpresswordpressMatch3.2.1
ORwordpresswordpressMatch3.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.7 | cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.71 | cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.72 | cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:* |
| wordpress | wordpress | 0.711 | cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0 | cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.1 | cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.0.2 | cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2 | cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:* |
| wordpress | wordpress | 1.2.1 | cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2011-4899
2012-01-30 00:00:00
cvelist
cvelist
CVE-2011-4899
2012-01-30 17:00:00
packetstorm
packetstorm
Elipse E3 Scada PLC Denial Of Service
2014-07-15 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
debiancve
debiancve
CVE-2011-4899
2012-01-30 17:55:00
vulnrichment
vulnrichment
CVE-2011-4899
2012-01-30 17:00:00
prion
prion
Cross site scripting
2012-01-30 17:55:00
cve
cve
CVE-2011-4899
2012-01-30 17:55:00
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
zdt
zdt
WordPress <= 3.3.1 Multiple Vulnerabilities
2012-01-25 00:00:00
openvas
openvas
WordPress 'setup-config.php' Multiple Vulnerabilities
2012-02-01 00:00:00
seebug
seebug
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
wordpress <= 3.3.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
securityvulns
securityvulns
TWSL2012-002: Multiple Vulnerabilities in WordPress
2012-02-13 00:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
High
EPSS
0.038
Percentile
92.0%
Related for NVD:CVE-2011-4899