Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackHanno BΓΆckPATCHSTACK:DAAF66A7B8424DB4E69ED068D85CF92C
HistorySep 15, 2008 - 12:00 a.m.

WordPress <= 2.6.1 - SQL Truncation Vulnerability #2

2008-09-1500:00:00
Hanno BΓΆck
patchstack.com
7

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

The attackers can change an arbitrary user’s password to a random value by registering a similar username and then requesting a password reset, related to a β€œSQL column truncation vulnerability.”, because this WordPress does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames.

Solution

           Update WordPress.
CPENameOperatorVersion
wordpressle2.6.1

Related

openvas 7
nessus 4
ubuntucve 1
debiancve 1
prion 1
cve 1
debian 2
osv 2
openvas
openvas
FreeBSD Ports: wordpress, de-wordpress
2008-09-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7902
2009-02-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7760
2009-02-17 00:00:00
nessus
nessus
Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)
2008-09-12 00:00:00
Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)
2008-09-12 00:00:00
FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)
2008-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2008-4106
2008-09-18 00:00:00
debiancve
debiancve
CVE-2008-4106
2008-09-18 17:59:00
prion
prion
Sql injection
2008-09-18 17:59:00
cve
cve
CVE-2008-4106
2008-09-18 17:59:00
debian
debian
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
osv
osv
wordpress - several vulnerabilities
2009-08-23 00:00:00
wordpress - regression fix
2009-08-23 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON
Related for PATCHSTACK:DAAF66A7B8424DB4E69ED068D85CF92C
openvas7nessus4ubuntucve1debiancve1prion1cve1debian2osv2