CVE-2011-4899

WordPress Core 3.3.1 - Multiple Vulnerabilities

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments

** CONTROVERTIDO ** wp-admin/setup-config.php en el componente de instalación de WordPress v3.3.1 y versiones anteriores no garantiza que el servicio de base de datos MySQL especificado sea el apropiado, lo que permite configurar una base de datos de su elección a atacantes remotos a través de los parámetros dbhost y dbname y, posteriormente, realizar una inyección de código estático y ataques de ejecución de comandos en sitios cruzados (XSS) a través de (1) una solicitud HTTP o (2) una consulta MySQL. NOTA: el vendedor se opone a la importancia de esta cuestión, sin embargo, la ejecución de código remoto hace que el problema sea importante en muchos entornos reales.

WordPress versions 3.3.1 and below suffer from MySQL username/password disclosure, PHP code execution and cross site scripting vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-12-23 CVE Reserved
2012-01-25 CVE Published
2012-01-25 First Exploit
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/18417	2012-01-25
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html	2024-09-16
http://www.exploit-db.com/exploits/18417	2024-09-16
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt	2024-09-16

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				<= 3.3.1 Search vendor "Wordpress" for product "Wordpress" and version " <= 3.3.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				0.7 Search vendor "Wordpress" for product "Wordpress" and version "0.7"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				0.71 Search vendor "Wordpress" for product "Wordpress" and version "0.71"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				0.72 Search vendor "Wordpress" for product "Wordpress" and version "0.72"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				0.711 Search vendor "Wordpress" for product "Wordpress" and version "0.711"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0 Search vendor "Wordpress" for product "Wordpress" and version "1.0"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0.1 Search vendor "Wordpress" for product "Wordpress" and version "1.0.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.0.2 Search vendor "Wordpress" for product "Wordpress" and version "1.0.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2 Search vendor "Wordpress" for product "Wordpress" and version "1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2.1 Search vendor "Wordpress" for product "Wordpress" and version "1.2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.2.2 Search vendor "Wordpress" for product "Wordpress" and version "1.2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5 Search vendor "Wordpress" for product "Wordpress" and version "1.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.1.3 Search vendor "Wordpress" for product "Wordpress" and version "1.5.1.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				1.5.2 Search vendor "Wordpress" for product "Wordpress" and version "1.5.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0 Search vendor "Wordpress" for product "Wordpress" and version "2.0"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.1 Search vendor "Wordpress" for product "Wordpress" and version "2.0.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.2 Search vendor "Wordpress" for product "Wordpress" and version "2.0.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.3 Search vendor "Wordpress" for product "Wordpress" and version "2.0.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.4 Search vendor "Wordpress" for product "Wordpress" and version "2.0.4"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.5 Search vendor "Wordpress" for product "Wordpress" and version "2.0.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.6 Search vendor "Wordpress" for product "Wordpress" and version "2.0.6"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.7 Search vendor "Wordpress" for product "Wordpress" and version "2.0.7"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.8 Search vendor "Wordpress" for product "Wordpress" and version "2.0.8"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.9 Search vendor "Wordpress" for product "Wordpress" and version "2.0.9"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.10 Search vendor "Wordpress" for product "Wordpress" and version "2.0.10"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.0.11 Search vendor "Wordpress" for product "Wordpress" and version "2.0.11"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.1 Search vendor "Wordpress" for product "Wordpress" and version "2.1.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.2 Search vendor "Wordpress" for product "Wordpress" and version "2.1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.1.3 Search vendor "Wordpress" for product "Wordpress" and version "2.1.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.1 Search vendor "Wordpress" for product "Wordpress" and version "2.2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.2 Search vendor "Wordpress" for product "Wordpress" and version "2.2.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.2.3 Search vendor "Wordpress" for product "Wordpress" and version "2.2.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.3 Search vendor "Wordpress" for product "Wordpress" and version "2.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.3.1 Search vendor "Wordpress" for product "Wordpress" and version "2.3.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.3.2 Search vendor "Wordpress" for product "Wordpress" and version "2.3.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.3.3 Search vendor "Wordpress" for product "Wordpress" and version "2.3.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.5 Search vendor "Wordpress" for product "Wordpress" and version "2.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.5.1 Search vendor "Wordpress" for product "Wordpress" and version "2.5.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6 Search vendor "Wordpress" for product "Wordpress" and version "2.6"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6.1 Search vendor "Wordpress" for product "Wordpress" and version "2.6.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6.2 Search vendor "Wordpress" for product "Wordpress" and version "2.6.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6.3 Search vendor "Wordpress" for product "Wordpress" and version "2.6.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.6.5 Search vendor "Wordpress" for product "Wordpress" and version "2.6.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.7 Search vendor "Wordpress" for product "Wordpress" and version "2.7"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.7.1 Search vendor "Wordpress" for product "Wordpress" and version "2.7.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8 Search vendor "Wordpress" for product "Wordpress" and version "2.8"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.1 Search vendor "Wordpress" for product "Wordpress" and version "2.8.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.2 Search vendor "Wordpress" for product "Wordpress" and version "2.8.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.3 Search vendor "Wordpress" for product "Wordpress" and version "2.8.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.4 Search vendor "Wordpress" for product "Wordpress" and version "2.8.4"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.5 Search vendor "Wordpress" for product "Wordpress" and version "2.8.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.8.6 Search vendor "Wordpress" for product "Wordpress" and version "2.8.6"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.9 Search vendor "Wordpress" for product "Wordpress" and version "2.9"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.9.1 Search vendor "Wordpress" for product "Wordpress" and version "2.9.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				2.9.2 Search vendor "Wordpress" for product "Wordpress" and version "2.9.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0 Search vendor "Wordpress" for product "Wordpress" and version "3.0"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.1 Search vendor "Wordpress" for product "Wordpress" and version "3.0.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.2 Search vendor "Wordpress" for product "Wordpress" and version "3.0.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.3 Search vendor "Wordpress" for product "Wordpress" and version "3.0.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.4 Search vendor "Wordpress" for product "Wordpress" and version "3.0.4"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.5 Search vendor "Wordpress" for product "Wordpress" and version "3.0.5"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.0.6 Search vendor "Wordpress" for product "Wordpress" and version "3.0.6"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.1 Search vendor "Wordpress" for product "Wordpress" and version "3.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.1.1 Search vendor "Wordpress" for product "Wordpress" and version "3.1.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.1.2 Search vendor "Wordpress" for product "Wordpress" and version "3.1.2"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.1.3 Search vendor "Wordpress" for product "Wordpress" and version "3.1.3"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.1.4 Search vendor "Wordpress" for product "Wordpress" and version "3.1.4"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.2.1 Search vendor "Wordpress" for product "Wordpress" and version "3.2.1"		-		Affected
Wordpress Search vendor "Wordpress"		Wordpress Search vendor "Wordpress" for product "Wordpress"				3.3 Search vendor "Wordpress" for product "Wordpress" and version "3.3"		-		Affected