Lucene search
PRIOn knowledge basePRION:CVE-2011-4899HistoryJan 30, 2012 - 5:55 p.m.
Cross site scripting
2012-01-3017:55:00
PRIOn knowledge base
www.prio-n.com
8
DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments.
Related
cve
cve
CVE-2011-4899
2022-10-03 16:15:14
nvd
nvd
CVE-2011-4899
2012-01-30 17:55:00
packetstorm
packetstorm
Elipse E3 Scada PLC Denial Of Service
2014-07-15 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
ubuntucve
ubuntucve
CVE-2011-4899
2012-01-30 00:00:00
cvelist
cvelist
CVE-2011-4899
2022-10-03 16:15:14
vulnrichment
vulnrichment
CVE-2011-4899
2022-10-03 16:15:14
debiancve
debiancve
CVE-2011-4899
2022-10-03 16:15:14
seebug
seebug
wordpress <= 3.3.1 - Multiple Vulnerabilities
2014-07-01 00:00:00
WordPress 3.3.1 Code Execution / Cross Site Scripting
2012-01-25 00:00:00
securityvulns
securityvulns
TWSL2012-002: Multiple Vulnerabilities in WordPress
2012-02-13 00:00:00
openvas
openvas
WordPress 'setup-config.php' Multiple Vulnerabilities
2012-02-01 00:00:00
exploitpack
exploitpack
WordPress 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
exploitdb
exploitdb
WordPress Core 3.3.1 - Multiple Vulnerabilities
2012-01-25 00:00:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00