CVE-2008-0682

SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/
http://secunia.com/advisories/28767	Vendor Advisory
http://www.securityfocus.com/bid/27583
https://www.exploit-db.com/exploits/5039

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wordpress:wordspew::::::::
	cpe:2.3:a:wordpress:wordspew:1.6:::::::*
	cpe:2.3:a:wordpress:wordspew:1.7:::::::*
	cpe:2.3:a:wordpress:wordspew:1.8:::::::*
	cpe:2.3:a:wordpress:wordspew:2.0:::::::*
	cpe:2.3:a:wordpress:wordspew:2.1:::::::*
	cpe:2.3:a:wordpress:wordspew:2.2:::::::*
	cpe:2.3:a:wordpress:wordspew:2.3:::::::*
	cpe:2.3:a:wordpress:wordspew:2.5:::::::*
	cpe:2.3:a:wordpress:wordspew:2.6:::::::*
	cpe:2.3:a:wordpress:wordspew:2.7:::::::*
	cpe:2.3:a:wordpress:wordspew:2.8:::::::*
	cpe:2.3:a:wordpress:wordspew:2.9:::::::*
	cpe:2.3:a:wordpress:wordspew:2.31:::::::*
	cpe:2.3:a:wordpress:wordspew:2.32:::::::*
	cpe:2.3:a:wordpress:wordspew:2.85:::::::*
	cpe:2.3:a:wordpress:wordspew:2.91:::::::*
	cpe:2.3:a:wordpress:wordspew:2.92:::::::*
	cpe:2.3:a:wordpress:wordspew:2.93:::::::*
	cpe:2.3:a:wordpress:wordspew:2.94:::::::*
	cpe:2.3:a:wordpress:wordspew:2.95:::::::*
	cpe:2.3:a:wordpress:wordspew:3.0:::::::*
	cpe:2.3:a:wordpress:wordspew:3.01:::::::*
	cpe:2.3:a:wordpress:wordspew:3.1:::::::*
	cpe:2.3:a:wordpress:wordspew:3.2:::::::*
	cpe:2.3:a:wordpress:wordspew:3.02:::::::*
	cpe:2.3:a:wordpress:wordspew:3.3:::::::*
	cpe:2.3:a:wordpress:wordspew:3.6:::::::*
	cpe:2.3:a:wordpress:wordspew:3.7:::::::*
	cpe:2.3:a:wordpress:wordspew:3.15:::::::*
	cpe:2.3:a:wordpress:wordspew:3.16:::::::*
	cpe:2.3:a:wordpress:wordspew:3.021:::::::*
	cpe:2.3:a:wordpress:wordspew:3.022:::::::*
	cpe:2.3:a:wordpress:wordspew:3.31:::::::*
	cpe:2.3:a:wordpress:wordspew:3.32:::::::*
	cpe:2.3:a:wordpress:wordspew:3.33:::::::*
	cpe:2.3:a:wordpress:wordspew:3.34:::::::*
	cpe:2.3:a:wordpress:wordspew:3.51:::::::*
	cpe:2.3:a:wordpress:wordspew:3.52:::::::*

History

No history.

Information

Published : 2008-02-12 01:00

Updated : 2023-12-10 10:40

NVD link : CVE-2008-0682

Mitre link : CVE-2008-0682

CVE.ORG link : CVE-2008-0682

JSON object : View

Products Affected

wordpress

wordspew

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10