WordPress XMLRPC.PHP SQL Injection Vulnerability
BID:24344
Info
WordPress XMLRPC.PHP SQL Injection Vulnerability
| Bugtraq ID: | 24344 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3140 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Slappter is credited with the discovery of this vulnerability. |
| Vulnerable: |
WordPress WordPress 2.2 Revision 5003 WordPress WordPress 2.2 Revision 5002 WordPress WordPress 2.2 OpenPKG OpenPKG Current |
| Not Vulnerable: |
WordPress WordPress 2.2.1 |
Discussion
WordPress XMLRPC.PHP SQL Injection Vulnerability
WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects WordPress 2.2; other versions may also be vulnerable.
WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
This issue affects WordPress 2.2; other versions may also be vulnerable.
Exploit / POC
WordPress XMLRPC.PHP SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
WordPress XMLRPC.PHP SQL Injection Vulnerability
Solution:
The vendor has released WordPress 2.2.1 to address this issue; please see the references for details on fixes and upgrades.
WordPress WordPress 2.2
Solution:
The vendor has released WordPress 2.2.1 to address this issue; please see the references for details on fixes and upgrades.
WordPress WordPress 2.2
-
WordPress latest.tar.gz
http://wordpress.org/latest.tar.gz
References
WordPress XMLRPC.PHP SQL Injection Vulnerability
References:
References: