ID CVE-2005-2108
Summary SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
References
Vulnerable Configurations
  • WordPress 1.0
    cpe:2.3:a:wordpress:wordpress:1.0
  • WordPress 1.0.1
    cpe:2.3:a:wordpress:wordpress:1.0.1
  • WordPress 1.0.2
    cpe:2.3:a:wordpress:wordpress:1.0.2
  • WordPress 1.2
    cpe:2.3:a:wordpress:wordpress:1.2
  • WordPress 1.5
    cpe:2.3:a:wordpress:wordpress:1.5
  • WordPress 1.5.1
    cpe:2.3:a:wordpress:wordpress:1.5.1
  • WordPress 1.5.1.2
    cpe:2.3:a:wordpress:wordpress:1.5.1.2
CVSS
Base: 7.5 (as of 06-07-2005 - 08:33)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit. CVE-2005-2108. Webapps exploit for php platform
id EDB-ID:1077
last seen 2016-01-31
modified 2005-06-30
published 2005-06-30
reporter James Bercegay
source https://www.exploit-db.com/download/1077/
title WordPress <= 1.5.1.2 - xmlrpc Interface SQL Injection Exploit
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DCA0A345ED8111D983100001020EED82.NASL
    description GulfTech Security Research reports : There are a number of vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system. These vulnerabilities include SQL Injection, Cross Site Scripting, and also issues that may aid an attacker in social engineering.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 19142
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19142
    title FreeBSD : wordpress -- multiple vulnerabilities (dca0a345-ed81-11d9-8310-0001020eed82)
  • NASL family CGI abuses
    NASL id WORDPRESS_1512.NASL
    description The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks that could lead to disclosure of the administrator's password hash or attacks against the underlying database. Note that the application is reportedly also affected by multiple cross-site scripting (XSS) vulnerabilities, multiple path disclosure vulnerabilities, and a flaw in which a remote attacker can modify the content of the 'forgotten password' message; however, Nessus has not tested for these issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 18601
    published 2005-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18601
    title WordPress < 1.5.1.3 XMLRPC SQL Injection
refmap via4
bugtraq 20050629 WordPress 1.5.1.2 && Earlier Multiple Vulnerabilities
misc http://www.gulftech.org/?node=research&article_id=00085-06282005
secunia 15831
Last major update 17-10-2016 - 23:25
Published 05-07-2005 - 00:00
Back to Top