WordPress < 2.0.6 HTML Parameter Injection

Medium Nessus Network Monitor Plugin ID 3873

Synopsis

The remote server is hosting an outdated installation of WordPress that is vulnerable to HTML Parameter Injection.

Description

The remote host is running WordPress, a web blog manager written in PHP. The remote version of this software is reported to be vulnerable to a flaw where a remote attacker can inject malicious script code into the 'file' parameter of the 'template.php' script. Successful exploitation would result in script code being executed in the browsers of other WordPress clients. In addition, the application is reported to be vulnerable to a SQL injection attack. An attacker exploiting this attack vector would only need to send malformed requests to the WordPress application. Successful exploitation would result in the attacker executing arbitrary SQL statements on the database server utilized by WordPress.

Solution

Upgrade to WordPress 2.0.6, or later.

See Also

http://wordpress.org

Plugin Details

Severity: Medium

ID: 3873

File Name: 3873.prm

Family: CGI

Published: 2006/12/28

Modified: 2016/11/23

Dependencies: 9035

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2006-6808, CVE-2007-0107

BID: 21896, 21907, 21782

OSVDB: 31578, 31579