CVE-2003-1598 — SQL Injection in Wordpress

CWE-89 — SQL Injection4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedOct 1

Latest updateApr 29

Description

SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 1.0.1-1 (bookworm)

▶Debianwordpress/wordpress< 1.0.1-1+3

▶NVDwordpress/wordpress0.7

🔴Vulnerability Details

GHSA

GHSA-gqr2-x8f5-qhj4: SQL injection vulnerability in log↗2022-04-29

▶

OSV

CVE-2003-1598: SQL injection vulnerability in log↗2014-10-01

▶

📋Vendor Advisories

Debian

CVE-2003-1598: wordpress - SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allow...↗2003

▶