WordPress < 1.5.1.3 XMLRPC SQL Injection

Severity: High, Nessus Plugin ID 18601

Synopsis

The remote web server contains a PHP application that is affected by a SQL injection vulnerability.

Description

The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script.
An attacker can exploit this flaw to launch SQL injection attacks that could lead to disclosure of the administrator's password hash or attacks against the underlying database.

Note that the application is reportedly also affected by multiple cross-site scripting (XSS) vulnerabilities, multiple path disclosure vulnerabilities, and a flaw in which a remote attacker can modify the content of the 'forgotten password' message; however, Nessus has not tested for these issues.

Solution

Upgrade to WordPress version 1.5.1.3 or later.

See Also

http://www.nessus.org/u?8ec4b624

Plugin Details

Severity: High

ID: 18601

File Name: wordpress_1512.nasl

Version: 1.30

Type: remote

Family: CGI abuses

Published: 7/1/2005

Updated: 6/5/2024

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/29/2005

Vulnerability Publication Date: 6/29/2005

Reference Information

CVE: CVE-2005-2108