CVE-2007-3140
WordPress 2.2 - Authenticated SQL Injection via XML-RPC wp.suggestCategories Method
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3140. PoCs published by Slappter.
AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in WordPress 2.2's xmlrpc.php via the wp_suggestCategories function. It leverages improper type handling of the $max_results parameter to extract user credentials (usernames and MD5 password hashes) from the database.
Description
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.
Exploits (1)
This exploit targets a SQL injection vulnerability in WordPress 2.2's xmlrpc.php via the wp_suggestCategories function. It leverages improper type handling of the $max_results parameter to extract user credentials (usernames and MD5 password hashes) from the database.