CVE-2010-4257 — SQL Injection in Wordpress

CWE-89 — SQL Injection5 documents5 sources

Severity

6.0MEDIUMNVD

EPSS

3.3%

top 12.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedDec 7

Latest updateMay 17

Description

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.2-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.2-1+3

▶NVDwordpress/wordpress3.0.1

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-ggq7-6rpp-2v58: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment↗2022-05-17

▶

OSV

CVE-2010-4257: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment↗2010-12-07

▶

📋Vendor Advisories

Debian

CVE-2010-4257: wordpress - SQL injection vulnerability in the do_trackbacks function in wp-includes/comment...↗2010

▶

💬Community

Bugzilla

CVE-2010-4257 Wordpress: SQL injection flaw by processing trackbacks↗2010-12-02

▶