CVE-2007-2821

WordPress < 2.2 - SQL Injection via Cookie Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2821. PoCs published by waraxe.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in WordPress 2.1.3's admin-ajax.php, using blind SQL injection techniques to extract user password hashes via timing attacks. It leverages BENCHMARK delays to infer character values.

Description

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by waraxe · phpwebappsphp
https://www.exploit-db.com/exploits/3960

This exploit targets a SQL injection vulnerability in WordPress 2.1.3's admin-ajax.php, using blind SQL injection techniques to extract user password hashes via timing attacks. It leverages BENCHMARK delays to infer character values.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: WordPress 2.1.3
No auth needed
Prerequisites: Target WordPress installation with vulnerable admin-ajax.php · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory x_refsource_misc
http://www.waraxe.us/advisory-50.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1502
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/3960
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24076
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25345
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34399
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1889
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/469258/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29014
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36311

Scores

EPSS 0.0520
EPSS Percentile 91.4%

Details

Status published
Products (1)
wordpress/wordpress < 2.1.3
Published May 22, 2007
Tracked Since Feb 18, 2026