WordPress < 1.5.1.3 XMLRPC SQL Injection

Nessus Plugin ID 18601 (Severity: High)

Synopsis

The remote web server contains a PHP application that is affected by a SQL injection vulnerability.

Description

The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script.
An attacker can exploit this flaw to launch SQL injection attacks that could lead to disclosure of the administrator's password hash or attacks against the underlying database.

Note that the application is reportedly also affected by multiple cross-site scripting (XSS) vulnerabilities, multiple path disclosure vulnerabilities, and a flaw in which a remote attacker can modify the content of the 'forgotten password' message; however, Nessus has not tested for these issues.

Solution

Upgrade to WordPress version 1.5.1.3 or later.

See Also

http://www.nessus.org/u?8ec4b624

Plugin Details

Severity: High

ID: 18601

File Name: wordpress_1512.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 2005/07/01

Updated: 2018/08/15

Dependencies: 18297

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2005/06/29

Vulnerability Publication Date: 2005/06/29

Reference Information

CVE: CVE-2005-2108

EDB-ID: 1077