wordpress: multiple vulnerabilities
| Package(s): | wordpress |
CVE #(s): | CVE-2006-6808
CVE-2007-0107
CVE-2007-0109
|
| Created: | January 16, 2007 |
Updated: | January 17, 2007 |
| Description: |
When decoding trackbacks with alternate character sets, WordPress does
not correctly sanitize the entries before further modifying a SQL
query. WordPress also displays different error messages in wp-login.php
based upon whether or not a user exists. David Kierznowski has
discovered that WordPress fails to properly sanitize recent file
information in /wp-admin/templates.php before sending that information
to a browser. An attacker could inject arbitrary SQL into WordPress
database queries. An attacker could also determine if a WordPress user
existed by trying to login as that user, better facilitating brute force
attacks. Lastly, an attacker authenticated to view the administrative
section of a WordPress instance could try to edit a file with a malicious
filename; this may cause arbitrary HTML or JavaScript to be executed in
users' browsers viewing /wp-admin/templates.php. |
| Alerts: |
|
