Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
wordpress 输入验证漏洞
Vulnerability Description
WordPress 2.6.2之前版本不能合理地处理MySQL警告,该警告市关于能够超越user_login专栏的最大值专栏宽度的用户名字符注入。同时它在与用户名对应时也不能合理处理空格字符,远程攻击者可以通过寄存一个相似的用户名并提交一个密码重设的请求以改变仁义用户的密码。
CVSS Information
N/A
Vulnerability Type
N/A