CVE-2015-2213

EPSS 21.2%

wordpress - security update

發布日:2015/11/9修改日:2026/5/27

描述

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

受影響套件(4)

Debian/wordpressfrom 0, < 4.2.4+dfsg-1
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb6u7
Debian/wordpressfrom 0, < 4.1+dfsg-1+deb8u4
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb7u8

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2213