Lucene search
Hanno BΓΆckPATCHSTACK:DAAF66A7B8424DB4E69ED068D85CF92CHistorySep 15, 2008 - 12:00 a.m.
WordPress <= 2.6.1 - SQL Truncation Vulnerability #2
2008-09-1500:00:00
Hanno BΓΆck
patchstack.com
14
EPSS
0.013
Percentile
86.0%
The attackers can change an arbitrary userβs password to a random value by registering a similar username and then requesting a password reset, related to a βSQL column truncation vulnerability.β, because this WordPress does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames.
Solution
Update WordPress.
Related
openvas
openvas
FreeBSD Ports: wordpress, de-wordpress
2008-09-17 00:00:00
FreeBSD Ports: wordpress, de-wordpress
2008-09-17 00:00:00
Fedora Update for wordpress FEDORA-2008-7902
2009-02-17 00:00:00
cvelist
cvelist
CVE-2008-4106
2008-09-18 17:47:00
ubuntucve
ubuntucve
CVE-2008-4106
2008-09-18 00:00:00
nessus
nessus
Fedora 8 : wordpress-2.6.2-1.fc8 (2008-7760)
2008-09-12 00:00:00
FreeBSD : wordpress -- remote privilege escalation (884fced7-7f1c-11dd-a66a-0019666436c2)
2008-09-10 00:00:00
Fedora 9 : wordpress-2.6.2-1.fc9 (2008-7902)
2008-09-12 00:00:00
nvd
nvd
CVE-2008-4106
2008-09-18 17:59:33
debiancve
debiancve
CVE-2008-4106
2008-09-18 17:59:33
prion
prion
Sql injection
2008-09-18 17:59:00
cve
cve
CVE-2008-4106
2008-09-18 17:59:33
debian
debian
[SECURITY] [DSA 1871-1] New wordpress packages fix several vulnerabilities
2009-08-23 03:41:14
[SECURITY] [DSA 1871-2] New wordpress packages fix regression
2009-08-27 01:39:01
osv
osv
wordpress - several vulnerabilities
2009-08-23 00:00:00
wordpress - regression fix
2009-08-23 00:00:00