| Package(s): | wordpress |
| CVE #(s): | CVE-2007-3639, CVE-2007-4153, CVE-2007-4154, CVE-2007-0540 |
| Created: | May 1, 2008 |
| Updated: | May 7, 2008 |
| Description: |
The WordPress weblog manager has a number of vulnerabilities.
From the Debian alert:
CVE-2007-3639
Insufficient input sanitising allowed for remote attackers to
redirect visitors to external websites.
CVE-2007-4153
Multiple cross-site scripting vulnerabilities allowed remote
authenticated administrators to inject arbitrary web script or HTML.
CVE-2007-4154
SQL injection vulnerability allowed remote authenticated
administrators to execute arbitrary SQL commands.
CVE-2007-0540
WordPress allows remote attackers to cause a denial of service
(bandwidth or thread consumption) via pingback service calls with
a source URI that corresponds to a file with a binary content type,
which is downloaded even though it cannot contain usable pingback data.
[no CVE name yet]
Insufficient input sanitising caused an attacker with a normal user
account to access the administrative interface. |