Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-0233 — Wordpress vulnerability
11 documents6 sources
Severity
7.5HIGHNVD
OSV9.3
EPSS
11.2%
top 6.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJan 13
Latest updateMay 1
Description
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages3 packages
🔴Vulnerability Details
2💥Exploits & PoCs
1🔍Detection Rules
6Suricata
▶
📋Vendor Advisories
1Debian▶
CVE-2007-0233: wordpress - wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variable...↗2007