Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2821: SQL Injection in WordPress

12 documents, 7 sources
Severity: 7.5 HIGH (NVD)
EPSS: 5.7% (top 9.58%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: May 22
Latest update: May 1

Description

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 2.2-1 (bookworm)
Debian: wordpress/wordpress < 2.2-1+3

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-v43p-v75m-q643: SQL injection vulnerability in wp-admin/admin-ajax (2022-05-01)
OSV: CVE-2007-2821: SQL injection vulnerability in wp-admin/admin-ajax (2007-05-22)

💥 Exploits & PoCs (1)

Exploit-DB: WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing (2007-05-21)

🔍 Detection Rules (6)

Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE (2010-07-30)

📋 Vendor Advisories (1)

Debian: CVE-2007-2821: wordpress - SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 a... (2007)

💬 Community (1)

Bugzilla: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection (2007-05-23)