Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0682

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0682
Last Modified 04 Nov 2008 12:00:00
Published 11 Feb 2008 08:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0682

Summary

SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Wordpress Wordspew 1.6

  • Wordpress Wordspew 1.7

  • Wordpress Wordspew 1.8

  • Wordpress Wordspew 2.0

  • Wordpress Wordspew 2.1

  • Wordpress Wordspew 2.2

  • Wordpress Wordspew 2.3

  • Wordpress Wordspew 2.31

  • Wordpress Wordspew 2.32

  • Wordpress Wordspew 2.5

  • Wordpress Wordspew 2.6

  • Wordpress Wordspew 2.7

  • Wordpress Wordspew 2.8

  • Wordpress Wordspew 2.85

  • Wordpress Wordspew 2.9

  • Wordpress Wordspew 2.91

  • Wordpress Wordspew 2.92

  • Wordpress Wordspew 2.93

  • Wordpress Wordspew 2.94

  • Wordpress Wordspew 2.95

  • Wordpress Wordspew 3.0

  • Wordpress Wordspew 3.01

  • Wordpress Wordspew 3.02

  • Wordpress Wordspew 3.021

  • Wordpress Wordspew 3.022

  • Wordpress Wordspew 3.1

  • Wordpress Wordspew 3.15

  • Wordpress Wordspew 3.16

  • Wordpress Wordspew 3.2

  • Wordpress Wordspew 3.3

  • Wordpress Wordspew 3.31

  • Wordpress Wordspew 3.32

  • Wordpress Wordspew 3.33

  • Wordpress Wordspew 3.34

  • Wordpress Wordspew 3.51

  • Wordpress Wordspew 3.52

  • Wordpress Wordspew 3.6

  • Wordpress Wordspew 3.7

  • Wordpress Wordspew 3.71


References

BID - 27583

MILW0RM - 5039

SECUNIA - 28767

CONFIRM - http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/


Last Updated: 27 May 2016 10:46:54