Lucene search
PRIOn knowledge basePRION:CVE-2007-0233HistoryJan 13, 2007 - 2:28 a.m.
Sql injection
2007-01-1302:28:00
PRIOn knowledge base
www.prio-n.com
8
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter’s hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
Related
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2007-0233
2007-01-13 02:28:00
CVE-2006-5116
2006-10-03 04:03:00
nvd
nvd
nessus
nessus
PmWiki < 2.1.21 Global Variables Overwriting
2006-09-06 00:00:00
WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection
2007-01-12 00:00:00
e107 ibrowser.php zend_has_del() Function Remote Code Execution
2006-09-02 00:00:00
patchstack
patchstack
WordPress <= 2.0.6 - SQL Injection vulnerability
2007-01-12 00:00:00
suse
suse
bug fix in php4
2006-06-22 15:32:39
remote code execution in PHP4,PHP5
2006-06-14 16:37:08
prion
prion
Command injection
2007-10-09 18:17:00
Command injection
2007-10-12 21:17:00
Sql injection
2009-09-11 16:30:00
redhat
redhat
(RHSA-2006:0567) php security update
2006-07-25 00:00:00
(RHSA-2006:0568) php security update
2006-07-12 00:00:00
centos
centos
php security update
2006-07-26 22:56:15
php security update
2006-07-12 19:14:58
openvas
openvas
Debian Security Advisory DSA 1206-1 (php4)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1206-1)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-320-1)
2022-08-26 00:00:00
debian
debian
[SECURITY] [DSA 1206-1] New php4 packages fix several vulnerabilities
2006-11-06 18:13:12
osv
osv
php4
2006-11-06 00:00:00
securityvulns
securityvulns
ubuntu
ubuntu
PHP vulnerabilities
2006-07-19 00:00:00