5 matches found
[SECURITY] [DSA 1502-1] New wordpress packages fix multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1502-1 [email protected] http://www.debian.org/security/ Noah Meyerhans February 22, 2008 http://www.debian.org/security/faq -...
WordPress check_ajax_referer() Function SQL Injection
The version of WordPress on the remote host fails to properly sanitize input to the 'cookie' parameter of the 'wp-admin/admin-ajax.php' script before using it in the 'checkajaxreferer' function in database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated, remote attacker...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
CVE-2007-2821
CVE-2007-2821 affects WordPress core; vulnerable component is wp-admin/admin-ajax.php in WordPress before 2.2. The root cause is improper handling of the cookie parameter in SQL queries, enabling remote attackers to execute arbitrary SQL commands. Impact is remote data access/modification via SQL...