ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=1.5 - SQL injection vulnerability

Product
WordPress
Description
Because of this vulnerability in wp-trackback.php, attackers can execute arbitrary SQL commands via the "tb_id" parameter.
Solution
Update this plugin.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
CVE Mitre
CVE
Name CVE-2005-1687
Versions
Affected In <=1.5
Fixed In 1.5.2
Disclosure date
2005-05-20
Submitter
ThreatPress