Vulnerability Description
SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | 2.2.1 |
References
- http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhous
- http://secunia.com/advisories/30013
- http://www.debian.org/security/2008/dsa-1564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35719
- http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhous
- http://secunia.com/advisories/30013
- http://www.debian.org/security/2008/dsa-1564
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35719
FAQ
What is CVE-2007-4154?
CVE-2007-4154 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2...
How severe is CVE-2007-4154?
CVE-2007-4154 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4154?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.