CVE-2007-6318 – WordPress Core < 2.3.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. Vulnerabilidad de inyección SQL en wp-includes/query.php en WordPress 2.3.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro s, cuando DB_CHARSET está asignado en (1) Big5, (2) GBK, o posiblemente otros conjuntos de caracteres de codificación que soporten una "\" en un caracter multibyte. • https://www.exploit-db.com/exploits/4721 http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html http://secunia.com/advisories/28005 http://secunia.com/advisories/28310 http://securityreason.com/securityalert/3433 http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt http://www.securityfocus.com/archive/1/484828/100/0/threaded http://www.securityfocus.com/bid/26795 http://www.securitytracker.com/id?1019071 http://www.vupen.com/english/advisories/2007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-2146 – WordPress Core < 2.2.3 - Restriction Bypass
https://notcve.org/view.php?id=CVE-2008-2146
wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages. El archivo wp-incluye/vars.php en Wordpress versiones anteriores a 2.2.3, no extrae apropiadamente la ruta (path) actual del PATH_INFO ($PHP_SELF), que permite a atacantes remotos omitir las restricciones de acceso previstas para ciertas páginas. • http://osvdb.org/45188 http://trac.wordpress.org/changeset/6029 http://trac.wordpress.org/changeset?old_path=tags%2F2.2.2&old=6063&new_path=tags%2F2.2.3&new=6063#file10 http://trac.wordpress.org/ticket/4748 https://exchange.xforce.ibmcloud.com/vulnerabilities/42379 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVE-2007-4893 – WordPress Core <= 2.2.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4893
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field. wp-admin/admin-functions.php de Wordpress versiones anteriores a 2.2.3 y Wordpress multi-user (MU) versiones anteriores a 1.2.5a no verifican apropiadamente el privilegio unfiltered_html, lo cual permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS) mediante datos modificados en (1) post.php ó (2) page.php con un campo no filtrado. • http://fedoranews.org/updates/FEDORA-2007-214.shtml http://secunia.com/advisories/26771 http://secunia.com/advisories/26796 http://trac.wordpress.org/ticket/4720 http://wordpress.org/development/2007/09/wordpress-223 http://www.securityfocus.com/bid/25639 http://www.vupen.com/english/advisories/2007/3132 https://bugzilla.redhat.com/show_bug.cgi?id=285831 https://exchange.xforce.ibmcloud.com/vulnerabilities/36576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2007-3639 – WordPress Core < 2.2.2 - Open Redirect
https://notcve.org/view.php?id=CVE-2007-3639
WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. WordPress anterior a 2.2.2 permite a atacantes remotos redireccionar a los vistantes a otros sitios web y potencialmente obtener información sensible a través del parámetro (1) the _wp_http_referer en wp-pass.php, relacionado con la función wp_get_referer en wp-includes/functions.php; y posiblemente otros vectores relacionados en (2) wp-includes/pluggable.php y (3) la función wp_nonce_ays en wp-includes/functions.php. • http://osvdb.org/40802 http://secunia.com/advisories/30013 http://securityreason.com/securityalert/2869 http://www.debian.org/security/2008/dsa-1564 http://www.securityfocus.com/archive/1/472885/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35272 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2007-3544 – WordPress Core <= 2.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-3544
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. Vulnerabilidad e envío de archivo no restringido en (1) wp-app.php y (2) app.php de WordPresss 2.2.1 y WordPresss MU 1.2.3 permite a usuarios autenticados remotamente enviar y ejecutar código PHP de su elección a través de vectores no especificados, posiblemente relacionados con la tabla wp_postmeta y el uso de campos personalizados en anotaciones (posts) normales (sin adjuntos). • http://osvdb.org/37294 http://www.buayacorp.com/files/wordpress/wordpress-advisory.html • CWE-434: Unrestricted Upload of File with Dangerous Type •