ID OSVDB:39373 Type osvdb Reporter OSVDB Modified 2007-07-31T00:00:00
Description
Vulnerability Description
Wordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
References:
Vendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690
Other Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
ISS X-Force ID: 35719
CVE-2007-4154
{"href": "https://vulners.com/osvdb/OSVDB:39373", "id": "OSVDB:39373", "reporter": "OSVDB", "published": "2007-07-31T00:00:00", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "title": "Wordpress options-reading.php page_options Variable SQL Injection", "lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-4154"], "affectedSoftware": [], "viewCount": 0, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-04-28T13:20:35", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4154"]}, {"type": "osvdb", "idList": ["OSVDB:39376", "OSVDB:39377", "OSVDB:39374", "OSVDB:39375", "OSVDB:39372", "OSVDB:39371"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1564-1:868BE"]}, {"type": "openvas", "idList": ["OPENVAS:60930"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-1564.NASL"]}], "modified": "2017-04-28T13:20:35", "rev": 2}, "vulnersScore": 6.9}, "modified": "2007-07-31T00:00:00"}
{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.", "edition": 3, "cvss3": {}, "published": "2007-08-03T20:17:00", "title": "CVE-2007-4154", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4154"], "modified": "2017-07-29T01:32:00", "cpe": ["cpe:/a:wordpress:wordpress:2.2.1"], "id": "CVE-2007-4154", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4154", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-general.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39371", "id": "OSVDB:39371", "title": "Wordpress options-general.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-privacy.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39375", "id": "OSVDB:39375", "title": "Wordpress options-privacy.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-permalink.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39376", "id": "OSVDB:39376", "title": "Wordpress options-permalink.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-misc.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39377", "id": "OSVDB:39377", "title": "Wordpress options-misc.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-writing.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39372", "id": "OSVDB:39372", "title": "Wordpress options-writing.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "cvelist": ["CVE-2007-4154"], "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-discussion.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690\nOther Advisory URL: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/\nISS X-Force ID: 35719\n[CVE-2007-4154](https://vulners.com/cve/CVE-2007-4154)\n", "edition": 1, "modified": "2007-07-31T00:00:00", "published": "2007-07-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39374", "id": "OSVDB:39374", "title": "Wordpress options-discussion.php page_options Variable SQL Injection", "type": "osvdb", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "description": "The remote host is missing an update to wordpress\nannounced via advisory DSA 1564-1.", "modified": "2017-07-07T00:00:00", "published": "2008-05-12T00:00:00", "id": "OPENVAS:60930", "href": "http://plugins.openvas.org/nasl.php?oid=60930", "type": "openvas", "title": "Debian Security Advisory DSA 1564-1 (wordpress)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1564_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1564-1 (wordpress)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in wordpress,\na weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3639\n\nInsufficient input sanitising allowed for remote attackers to\nredirect visitors to external websites.\n\nCVE-2007-4153\n\nMultiple cross-site scripting vulnerabilities allowed remote\nauthenticated administrators to inject arbitrary web script or HTML.\n\nCVE-2007-4154\n\nSQL injection vulnerability allowed allowed remote authenticated\nadministrators to execute arbitrary SQL commands.\n\nCVE-2007-0540\n\nWordPress allows remote attackers to cause a denial of service\n(bandwidth or thread consumption) via pingback service calls with\na source URI that corresponds to a file with a binary content type,\nwhich is downloaded even though it cannot contain usable pingback data.\n\n[no CVE name yet]\n\nInsufficient input sanitising caused an attacker with a normal user\naccount to access the administrative interface.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.3-1.\n\nWe recommend that you upgrade your wordpress package.\";\ntag_summary = \"The remote host is missing an update to wordpress\nannounced via advisory DSA 1564-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201564-1\";\n\n\nif(description)\n{\n script_id(60930);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-05-12 19:53:28 +0200 (Mon, 12 May 2008)\");\n script_cve_id(\"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\", \"CVE-2007-0540\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1564-1 (wordpress)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"wordpress\", ver:\"2.0.10-1etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1564-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMay 01, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : wordpress\nVulnerability : multiple\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-3639 CVE-2007-4153 CVE-2007-4154 CVE-2007-0540\n\nSeveral remote vulnerabilities have been discovered in wordpress,\na weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2007-3639\n\n Insufficient input sanitising allowed for remote attackers to\n redirect visitors to external websites.\n\nCVE-2007-4153\n\n Multiple cross-site scripting vulnerabilities allowed remote\n authenticated administrators to inject arbitrary web script or HTML.\n\nCVE-2007-4154\n\n SQL injection vulnerability allowed allowed remote authenticated\n administrators to execute arbitrary SQL commands.\n\nCVE-2007-0540\n\n WordPress allows remote attackers to cause a denial of service\n (bandwidth or thread consumption) via pingback service calls with\n a source URI that corresponds to a file with a binary content type,\n which is downloaded even though it cannot contain usable pingback data.\n\n[no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a normal user\n account to access the administrative interface.\n\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.3-1.\n\nWe recommend that you upgrade your wordpress package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz\n Size/MD5 checksum: 520314 e9d5373b3c6413791f864d56b473dd54\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.diff.gz\n Size/MD5 checksum: 29327 663e0b7c1693ff63715e0253ad5cc036\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.dsc\n Size/MD5 checksum: 891 2e297f530d472f47b40ba50ea04b1476\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2_all.deb\n Size/MD5 checksum: 521244 4851fe016749b1b9c819fd8d5785198e\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2008-05-01T17:00:18", "published": "2008-05-01T17:00:18", "id": "DEBIAN:DSA-1564-1:868BE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00138.html", "title": "[SECURITY] [DSA 1564-1] New wordpress packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:45:01", "description": "Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.", "edition": 26, "published": "2008-05-02T00:00:00", "title": "Debian DSA-1564-1 : wordpress - multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3639", "CVE-2007-0540", "CVE-2007-4153", "CVE-2007-4154"], "modified": "2008-05-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:wordpress"], "id": "DEBIAN_DSA-1564.NASL", "href": "https://www.tenable.com/plugins/nessus/32126", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1564. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32126);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-0540\", \"CVE-2007-3639\", \"CVE-2007-4153\", \"CVE-2007-4154\");\n script_xref(name:\"DSA\", value:\"1564\");\n\n script_name(english:\"Debian DSA-1564-1 : wordpress - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in WordPress, a\nweblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-3639\n Insufficient input sanitising allowed for remote\n attackers to redirect visitors to external websites.\n\n - CVE-2007-4153\n Multiple cross-site scripting vulnerabilities allowed\n remote authenticated administrators to inject arbitrary\n web script or HTML.\n\n - CVE-2007-4154\n SQL injection vulnerability allowed allowed remote\n authenticated administrators to execute arbitrary SQL\n commands.\n\n - CVE-2007-0540\n WordPress allows remote attackers to cause a denial of\n service (bandwidth or thread consumption) via pingback\n service calls with a source URI that corresponds to a\n file with a binary content type, which is downloaded\n even though it cannot contain usable pingback data.\n\n - [no CVE name yet]\n\n Insufficient input sanitising caused an attacker with a\n normal user account to access the administrative\n interface.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-3639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-0540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1564\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the wordpress package.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:wordpress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"wordpress\", reference:\"2.0.10-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
