mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-15 03:30:24 +02:00
0xMarcio
915 B
915 B
CVE-2007-4894
Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."