Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
From: Kurt Seifried <kseifrie () redhat com>
Date: Wed, 04 Jan 2012 14:27:58 -0700

On 01/03/2012 02:41 PM, Henri Salo wrote:
These two WordPress security vulnerabilities from 2003 are still without CVE-identifiers. I am requesting 
CVE-identifiers as these issues have highly critical impact.

1) SQL injection
http://osvdb.org/show/osvdb/4610
Please use CVE-2003-1598 for the WordPress    0.70
./wp-links/links.all.php SQL Injection



2) Arbitrary code injection
http://osvdb.org/show/osvdb/4611
Please use CVE-2003-1599 for the WordPress    0.70 ./blog.header.php
code injection

Secunia advisory: http://secunia.com/advisories/8954/

- Henri Salo
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt

-- 

-- Kurt Seifried / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault