CVE-2008-4106

Wordpress < 2.6.1 - Improper Input Validation

Title source: rule

Description

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Exploits (2)

exploitdb WORKING POC VERIFIED

by iso^kpsbr · phpwebappsphp

https://www.exploit-db.com/exploits/6421

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by irk4z · textwebappsphp

https://www.exploit-db.com/exploits/6397

View Code ZIP pw:eip

References (17)

[Various Sources] http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

[Mailing List] http://marc.info/?l=oss-security&m=122152830017099&w=2

[Vendor Advisory] http://secunia.com/advisories/31870

[Patch] http://wordpress.org/development/2008/09/wordpress-262/

[Various Sources] http://www.sektioneins.de/advisories/SE-2008-05.txt

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496287/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31068

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6397

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6421

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1871

[Mailing List] http://www.openwall.com/lists/oss-security/2008/09/11/6

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1020869

[Third Party Advisory] http://secunia.com/advisories/31737

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2553

[Third Party Advisory] http://securityreason.com/securityalert/4272

Scores

EPSS 0.1459

EPSS Percentile 94.5%

Details

CWE

CWE-20

Status published

Products (34)

wordpress/wordpress 0.71-gold

wordpress/wordpress 1.0-platinum

wordpress/wordpress 1.0.1-miles

wordpress/wordpress 1.0.2-blakey

wordpress/wordpress 1.2-delta

wordpress/wordpress 1.2-mingus

wordpress/wordpress 1.2.1

wordpress/wordpress 1.2.2

wordpress/wordpress 1.5-strayhorn

wordpress/wordpress 1.5.1.1

... and 24 more

Published Sep 18, 2008

Tracked Since Feb 18, 2026