
Debian 4.0: DSA-1502-1 Critical: WordPress XSS And SQL Injection

February 21, 2008
Upgrade your WordPress installation on Debian to fix remotely exploitable XSS and SQL injection vulnerabilities. See advisory DSA-1502-1 for detailed guidance and notes.

Summary


CVE-2007-3238

Cross-site scripting (XSS) vulnerability in functions.php in the default theme
in WordPress allows remote authenticated administrators to inject arbitrary web
script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php.

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2
allows remote attackers to execute arbitrary SQL commands via the cookie
parameter.

CVE-2008-0193

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress
2.0.11 and earlier allows remote attackers to inject arbitrary web script or
HTML via the backup parameter in a wp-db-backup.php action to
wp-admin/edit.php.

CVE-2008-0194

Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and
earlier allows remote attackers to read arbitrary files, delete arbitrary
files, and cause a denial of service via a .. (dot dot) in the backup parameter
in a wp-db-backup.php action to wp-admin/edit.php.
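
Added example, not part of the Debian advisory or of WordPress: a log check for CVE-2008-0193 and CVE-2008-0194, flagging requests to wp-admin/edit.php whose backup parameter carries a ".." path segment or HTML metacharacters, including double URL-encoded forms. The log format, function names and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format request field: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify_backup_param(value):
    """Return the set of findings for one `backup` value (hypothetical helper)."""
    # parse_qs decoded once already; decode again (bounded) to catch double encoding.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    findings = set()
    # A ".." path segment, with either separator (CVE-2008-0194).
    if ".." in re.split(r"[\\/]", value):
        findings.add("traversal")
    # HTML metacharacters have no place in a backup file name (CVE-2008-0193).
    if re.search(r"[<>\"']", value):
        findings.add("html-metachar")
    return findings

def scan_line(line):
    """Return findings for one access-log line; empty set if not relevant."""
    m = REQUEST_RE.search(line)
    if not m:
        return set()
    target = urlsplit(m.group(1))
    if not target.path.endswith("/wp-admin/edit.php"):
        return set()
    findings = set()
    for value in parse_qs(target.query, keep_blank_values=True).get("backup", []):
        findings |= classify_backup_param(value)
    return findings

# Constructed sample lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2008:10:00:01 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=wp_backup.sql.gz HTTP/1.1" 200 512',
    '192.0.2.11 - - [21/Feb/2008:10:00:02 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=%252e%252e%2fexample.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [21/Feb/2008:10:00:03 +0000] "GET /wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cb%3Ex HTTP/1.1" 200 512',
    '192.0.2.13 - - [21/Feb/2008:10:00:04 +0000] "GET /index.php?backup=../x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(sorted(scan_line(line)), line.split('"')[1])
```

A hit only shows that a matching request was received; whether it succeeded depends on the installed WordPress version.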

For the stable distributi...


Severity
critical