CVE-2012-0937
published 2012-01-30CVE-2012-0937: wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL…
PriorityP433medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.07%
94.1th percentile
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
Affected
74 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | — | — |
| wordpress | wordpress | <= 3.3.1 | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rrrf-759h-mc79: ** DISPUTED ** wp-admin/setup-config
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2012-0937 [MEDIUM] GHSA-rrrf-759h-mc79: ** DISPUTED ** wp-admin/setup-config
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
OSV
CVE-2012-0937: ** DISPUTED ** wp-admin/setup-config
osv·2012-01-30·CVSS 5.0
CVE-2012-0937 [MEDIUM] CVE-2012-0937: ** DISPUTED ** wp-admin/setup-config
** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time.
OSV
CVE-2012-0937: wp-admin/setup-config
osv·2012-01-30·CVSS 5.0
CVE-2012-0937 [MEDIUM] CVE-2012-0937: wp-admin/setup-config
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
Debian
CVE-2012-0937: wordpress - wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and e...
vendor_debian·2012·CVSS 5.0
CVE-2012-0937 [MEDIUM] CVE-2012-0937: wordpress - wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and e...
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.htmlhttp://www.exploit-db.com/exploits/18417https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txthttp://archives.neohapsis.com/archives/bugtraq/2012-01/0150.htmlhttp://www.exploit-db.com/exploits/18417https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
2012-01-30
Published