FreeBSD : wordpress -- XMLRPC SQL Injection (0838733d-1698-11dc-a197-0011098b2f36)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

Slappter has discovered a vulnerability in WordPress, which can be
exploited by malicious users to conduct SQL injection attacks.

Input passed to the 'wp.suggestCategories' method in xmlrpc.php is not
properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames and password
hashes, but requires valid user credentials and knowledge of the
database table prefix.
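The query pattern the advisory describes, as an added example that is not WordPress code: a category-suggestion lookup that pastes the caller's prefix into a LIKE clause, beside the same lookup with the value bound as a parameter. Table and column names (wp_categories, wp_users, cat_name, user_login, user_pass), the query shape and the sample rows are assumptions constructed for the demo; the XML-RPC transport and the credential check that real exploitation requires are left out. The payload shows why the attacker must know the table prefix: the injected UNION has to name the users table.

```python
import sqlite3

# Assumption: the default WordPress table prefix. The advisory notes an attacker
# needs to know this value, because the injected query has to name the users table.
TABLE_PREFIX = "wp_"


def build_db():
    """Constructed in-memory stand-in for a WordPress database (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE {TABLE_PREFIX}categories (cat_ID INTEGER PRIMARY KEY, cat_name TEXT NOT NULL);
        CREATE TABLE {TABLE_PREFIX}users (ID INTEGER PRIMARY KEY, user_login TEXT NOT NULL,
                                          user_pass TEXT NOT NULL);
        INSERT INTO {TABLE_PREFIX}categories (cat_name) VALUES ('Security'), ('Sysadmin'), ('Travel');
        INSERT INTO {TABLE_PREFIX}users (user_login, user_pass) VALUES
            ('admin',  '$P$Bconstructed-hash-1'),
            ('editor', '$P$Bconstructed-hash-2');
    """)
    return conn


def suggest_categories_vulnerable(conn, category, max_results=10):
    """Bug class from the advisory: the caller-supplied prefix is pasted into the SQL text."""
    sql = (f"SELECT cat_ID, cat_name FROM {TABLE_PREFIX}categories "
           f"WHERE cat_name LIKE '{category}%' LIMIT {int(max_results)}")
    return conn.execute(sql).fetchall()


def _escape_like(value):
    """Neutralise LIKE metacharacters so the caller cannot widen the prefix match."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def suggest_categories_fixed(conn, category, max_results=10):
    """Same query with the user value bound as a parameter; the SQL text stays constant."""
    sql = (f"SELECT cat_ID, cat_name FROM {TABLE_PREFIX}categories "
           "WHERE cat_name LIKE ? ESCAPE '\\' LIMIT ?")
    return conn.execute(sql, (_escape_like(category) + "%", int(max_results))).fetchall()


# Constructed payload: closes the LIKE literal, appends a UNION against the users table
# (hence the need to know the prefix) and comments out the tail of the original query.
UNION_PAYLOAD = (f"zzz' UNION SELECT ID, user_login || ':' || user_pass "
                 f"FROM {TABLE_PREFIX}users -- ")


def demo():
    """Run both variants on a normal prefix, the UNION payload and a bare wildcard."""
    conn = build_db()
    return {
        "normal_vuln": suggest_categories_vulnerable(conn, "S"),
        "normal_fixed": suggest_categories_fixed(conn, "S"),
        "payload_vuln": suggest_categories_vulnerable(conn, UNION_PAYLOAD),
        "payload_fixed": suggest_categories_fixed(conn, UNION_PAYLOAD),
        "wildcard_vuln": suggest_categories_vulnerable(conn, "%"),
        "wildcard_fixed": suggest_categories_fixed(conn, "%"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} {rows}")
```

The vulnerable variant hands back user_login:user_pass pairs for the payload, which is the "retrieving usernames and password hashes" outcome in the advisory; the parameterised variant returns nothing for the same input because the quote and the UNION travel as data. The LIKE escaping is a separate caveat: binding alone would still let a caller pass "%" and enumerate every category.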

See also :

http://www.nessus.org/u?09a0f3cd

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 5.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25591 (freebsd_pkg_0838733d169811dca1970011098b2f36.nasl)

Bugtraq ID: 24344

CVE ID: CVE-2007-3140
