Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Wordpress xmlrpc.php脚本远程SQL注入漏洞
Vulnerability Description
WordPress是一款免费的论坛Blog系统。 WordPress的xmlrpc.php脚本实现上存在输入验证漏洞,远程攻击者可能利用此漏洞非授权操作服务器上的后台数据库。 WordPress的xmlrpc.php脚本中没有正确验证对wp.suggestCategories方式的输入,允许攻击者通过注入任意SQL代码控制SQL查询,导致检索用户名和口令哈希。但成功攻击要求有效的用户凭据并了解数据库表格前缀。 WordPress没有正确的验证对pingback.extensions.getPingback
CVSS Information
N/A
Vulnerability Type
N/A