CVE-2005-2108

Description

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.

How to fix CVE-2005-2108

To remediate CVE-2005-2108, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 1.5.1.3-1 or later

Is CVE-2005-2108 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.5.1.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-2108