Public exploit available: public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1897: SQL Injection in WordPress

CWE-89: SQL Injection | 11 documents | 6 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 2.6% (top 14.39%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline: Published Apr 9 | Latest update May 1

Description

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P | Exploitability: 8.0 | Impact: 6.4

Affected Packages (3 packages)

- debian | debian/wordpress | < wordpress 2.2.1-1 (bookworm) | +1
- Debian | wordpress/wordpress | < 2.2.1-1 | +7
- NVD | wordpress/wordpress | 2.1.2 | +3

Patches

Vulnerability Details (4)

- GHSA | GHSA-pp8c-8h35-cghc: SQL injection vulnerability in xmlrpc (xmlrpc... | 2022-05-01
- GHSA | GHSA-m425-pqwf-xvhx: SQL injection vulnerability in xmlrpc | 2022-05-01
- OSV | CVE-2007-3140: SQL injection vulnerability in xmlrpc | 2007-06-08
- OSV | CVE-2007-1897: SQL injection vulnerability in xmlrpc (xmlrpc... | 2007-04-09

Exploits & PoCs (1)

- Exploit-DB | WordPress Core 2.1.2 - 'xmlrpc' SQL Injection | 2007-04-03

Vendor Advisories (2)

- Debian | CVE-2007-3140: wordpress - SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authent... | 2007
- Debian | CVE-2007-1897: wordpress - SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and proba... | 2007

Community (1)

- Bugzilla | CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues | 2007-04-10

Source page: CVE-2007-1897: SQL Injection in Debian WordPress | cvebase