CVE-2007-0233

WordPress <2.0.6 - SQL Injection

Description

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.

Exploits (1)

exploitdb (working PoC, verified)
by rgod · php · webapps
https://www.exploit-db.com/exploits/3109

Scores

EPSS 0.1118
EPSS Percentile 93.5%

Details

Status published
Products (19)
wordpress/wordpress 0.6.2 beta_2
wordpress/wordpress 0.6.2.1 beta_2
wordpress/wordpress 0.7
wordpress/wordpress 0.71
wordpress/wordpress 1.2
wordpress/wordpress 1.2.1
wordpress/wordpress 1.2.2
wordpress/wordpress 1.5
wordpress/wordpress 1.5.1
wordpress/wordpress 1.5.1.2
... and 9 more
Published Jan 13, 2007
Tracked Since Feb 18, 2026