CVE-2007-4894
EPSS 4.0%
Description
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
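How to fix CVE-2007-4894
To fix CVE-2007-4894, upgrade the affected packages to the patched versions listed below.
- Debian/wordpress: upgrade to 2.2.3-1 or later
Is CVE-2007-4894 being exploited?
Low: EPSS is 4.0%, and no large-scale exploitation activity has been observed at this time.
Affected packages (1)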
- from 0, < 2.2.3-1