CVE-2007-0262
wordpress - multiple vulnerabilities
EPSS 0.96%
Description
WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
How to fix CVE-2007-0262
To remediate CVE-2007-0262, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 2.0.8-1 or later
- Debian/wordpress—upgrade to 2.0.8-1 or later
Is CVE-2007-0262 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.0.8-1
- from 0, < 2.0.8-1