LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

wordpress: multiple vulnerabilities

Package(s):wordpress CVE #(s):CVE-2007-3639 CVE-2007-4153 CVE-2007-4154 CVE-2007-0540
Created:May 1, 2008 Updated:May 7, 2008
Description: The wordpress weblog manager has a number of vulnerabilities. From the Debian alert:

CVE-2007-3639 Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites.

CVE-2007-4153 Multiple cross-site scripting vulnerabilities allowed remote authenticated administrators to inject arbitrary web script or HTML.

CVE-2007-4154 SQL injection vulnerability allowed allowed remote authenticated administrators to execute arbitrary SQL commands.

CVE-2007-0540 WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

[no CVE name yet] Insufficient input sanitising caused an attacker with a normal user account to access the administrative interface.

Alerts:
Debian DSA-1564-1 2008-05-01
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds