CVE-2005-3844

critical

Description

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.

References

http://www.vupen.com/english/advisories/2005/2594

http://www.securityfocus.com/bid/15582

http://www.osvdb.org/21110

http://secunia.com/advisories/17733

http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html

http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181

Details

Source: Mitre, NVD

Published: 2005-11-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00542