SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
CVSS v2.0 Score
7.5
/ 10.0
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Information
- Published
- 6 mars 2006
- Updated
- 16 avr. 2026
- Status
- Modified
- Source
- cve@mitre.org
Affected products
wordpress wordpressAll WordPress CVEs →
Versions : 1.5.2
Weaknesses (CWE)
NVD-CWE-Other
References (10)
- http://secunia.com/advisories/19109PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200603-01.xmlPatchVendor Advisory
- http://secunia.com/advisories/19109PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200603-01.xmlPatchVendor Advisory
Monitor your products
Get automatic alerts for every new CVE affecting your equipment.