HTTP: Wordpress 2.2 (xmlrpc.php) SQL Injection Vulnerability
This signature detects attempts to exploit a known vulnerability against Wordpress. Versions 2.2 and prior are vulnerable. Attackers can inject SQL commands allowing for total compromise of the target system.
Extended Description
WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. This issue affects WordPress 2.2; other versions may also be vulnerable.
Affected Products
Openpkg openpkg
Short Name
HTTP:SQL:INJ:WP-SQL
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
(xmlrpc.php) 2.2 CVE-2007-3140 Injection SQL Vulnerability Wordpress bid:24344
Release Date
06/20/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Openpkg
Wordpress
CVSS Score
6.5