oss-sec mailing list archives
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)
From: Kurt Seifried <kseifrie () redhat com>
Date: Wed, 04 Jan 2012 14:27:58 -0700
On 01/03/2012 02:41 PM, Henri Salo wrote:
These two WordPress security vulnerabilities from 2003 are still without CVE-identifiers. I am requesting CVE-identifiers as these issues have highly critical impact. 1) SQL injection http://osvdb.org/show/osvdb/4610
Please use CVE-2003-1598 for the WordPress 0.70 ./wp-links/links.all.php SQL Injection
2) Arbitrary code injection http://osvdb.org/show/osvdb/4611
Please use CVE-2003-1599 for the WordPress 0.70 ./blog.header.php code injection
Secunia advisory: http://secunia.com/advisories/8954/ - Henri Salo
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt -- -- Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 03)
- Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 04)
- Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 06)
- Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 06)
- Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 06)
- Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 04)