CVE-2015-2213 — SQL Injection in Wordpress

CWE-89 — SQL Injection7 documents5 sources

Severity

7.5HIGHNVD

EPSS

21.2%

top 4.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedNov 9

Latest updateMay 17

Description

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 4.2.4+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 4.2.4+dfsg-1+3

▶NVDwordpress/wordpress4.2.3

Patches

Patch: codex.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-qq9g-jv5w-jh6w: SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post↗2022-05-17

▶

OSV

CVE-2015-2213: SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post↗2015-11-09

▶

📋Vendor Advisories

Debian

CVE-2015-2213: wordpress - SQL injection vulnerability in the wp_untrash_post_comments function in wp-inclu...↗2015

▶

💬Community

Bugzilla

CVE-2015-2213 wordpress: cross-site scripting vulnerabilities and a potential SQL injection [fedora-all]↗2015-08-05

▶

Bugzilla

CVE-2015-2213 wordpress: cross-site scripting vulnerabilities and a potential SQL injection [epel-all]↗2015-08-05

▶

Bugzilla

CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 wordpress: cross-site scripting vulnerabilities and a potential SQL injection↗2015-08-05

▶