6.5
CVE-2007-4154
- EPSS 1.9%
- Veröffentlicht 03.08.2007 20:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.2.1 - SQL Injection
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 2.0.11, 2.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.77 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://secunia.com/advisories/30013
http://www.debian.org/security/2008/dsa-1564
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
https://exchange.xforce.ibmcloud.com/vulnerabilities/35719
https://www.wordfence.com/threat-intel/vulnerabilities/id/f582eb1d-fcd0-4758-9922-969f8eb6efea