Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (3)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-91ay-j618-akgj | SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. | CVE-2007-3140 |
| VCID-dfrf-wx3v-rfbg | Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field, and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | CVE-2007-3543 |
| VCID-k96h-dr15-ufhv | PHPMailer Shell command injection. PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in `class.phpmailer.php`. **Impact:** Shell command injection, remotely exploitable if host application does not filter user data appropriately. **Patches:** Fixed in 1.7.4. **Workarounds:** Filter and validate user-supplied data before putting it into the `Sender` property. **References:** https://nvd.nist.gov/vuln/detail/CVE-2007-3215. **For more information:** If you have any questions or comments about this advisory, open a private issue in [the PHPMailer project](https://github.com/PHPMailer/PHPMailer). | CVE-2007-3215, GHSA-6h78-85v2-mmch |