Lucene search

[email protected]NVD:CVE-2008-4106

HistorySep 18, 2008 - 5:59 p.m.

CVE-2008-4106

2008-09-1817:59:33

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user’s password to a random value by registering a similar username and then requesting a password reset, related to a “SQL column truncation vulnerability.” NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Affected configurations

Nvd

Node

wordpresswordpressRange≤2.6.1

wordpresswordpressMatch0.71-gold

wordpresswordpressMatch1.0-platinum

wordpresswordpressMatch1.0.1-miles

wordpresswordpressMatch1.0.2-blakey

wordpresswordpressMatch1.2-delta

wordpresswordpressMatch1.2-mingus

wordpresswordpressMatch1.2.1

wordpresswordpressMatch1.2.2

wordpresswordpressMatch1.5-strayhorn

wordpresswordpressMatch1.5.1.1

wordpresswordpressMatch1.5.1.2

wordpresswordpressMatch1.5.1.3

wordpresswordpressMatch1.5.2

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.9

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.11

wordpresswordpressMatch2.1

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.5

wordpresswordpressMatch2.5.1

wordpresswordpressMatch2.6

VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
wordpresswordpress0.71-goldcpe:2.3:a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*
wordpresswordpress1.0-platinumcpe:2.3:a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*
wordpresswordpress1.0.1-milescpe:2.3:a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*
wordpresswordpress1.0.2-blakeycpe:2.3:a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*
wordpresswordpress1.2-deltacpe:2.3:a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*
wordpresswordpress1.2-minguscpe:2.3:a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*
wordpresswordpress1.2.1cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
wordpresswordpress1.2.2cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
wordpresswordpress1.5-strayhorncpe:2.3:a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::
wordpress	wordpress	0.71-gold	cpe:2.3:a:wordpress:wordpress:0.71-gold:::::::*
wordpress	wordpress	1.0-platinum	cpe:2.3:a:wordpress:wordpress:1.0-platinum:::::::*
wordpress	wordpress	1.0.1-miles	cpe:2.3:a:wordpress:wordpress:1.0.1-miles:::::::*
wordpress	wordpress	1.0.2-blakey	cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:::::::*
wordpress	wordpress	1.2-delta	cpe:2.3:a:wordpress:wordpress:1.2-delta:::::::*
wordpress	wordpress	1.2-mingus	cpe:2.3:a:wordpress:wordpress:1.2-mingus:::::::*
wordpress	wordpress	1.2.1	cpe:2.3:a:wordpress:wordpress:1.2.1:::::::*
wordpress	wordpress	1.2.2	cpe:2.3:a:wordpress:wordpress:1.2.2:::::::*
wordpress	wordpress	1.5-strayhorn	cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:::::::*