CVE-2015-2213

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://openwall.com/lists/oss-security/2015/08/04/7
http://www.debian.org/security/2015/dsa-3332
http://www.debian.org/security/2015/dsa-3383
http://www.securityfocus.com/bid/76160
http://www.securitytracker.com/id/1033178
https://codex.wordpress.org/Version_4.2.4 Patch Vendor Advisory
https://core.trac.wordpress.org/changeset/33555 Patch
https://core.trac.wordpress.org/changeset/33556
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ Patch Vendor Advisory
https://wpvulndb.com/vulnerabilities/8126
http://openwall.com/lists/oss-security/2015/08/04/7
http://www.debian.org/security/2015/dsa-3332
http://www.debian.org/security/2015/dsa-3383
http://www.securityfocus.com/bid/76160
http://www.securitytracker.com/id/1033178
https://codex.wordpress.org/Version_4.2.4 Patch Vendor Advisory
https://core.trac.wordpress.org/changeset/33555 Patch
https://core.trac.wordpress.org/changeset/33556
https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ Patch Vendor Advisory
https://wpvulndb.com/vulnerabilities/8126
Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:27

Type Values Removed Values Added
References () http://openwall.com/lists/oss-security/2015/08/04/7 - () http://openwall.com/lists/oss-security/2015/08/04/7 -
References () http://www.debian.org/security/2015/dsa-3332 - () http://www.debian.org/security/2015/dsa-3332 -
References () http://www.debian.org/security/2015/dsa-3383 - () http://www.debian.org/security/2015/dsa-3383 -
References () http://www.securityfocus.com/bid/76160 - () http://www.securityfocus.com/bid/76160 -
References () http://www.securitytracker.com/id/1033178 - () http://www.securitytracker.com/id/1033178 -
References () https://codex.wordpress.org/Version_4.2.4 - Patch, Vendor Advisory () https://codex.wordpress.org/Version_4.2.4 - Patch, Vendor Advisory
References () https://core.trac.wordpress.org/changeset/33555 - Patch () https://core.trac.wordpress.org/changeset/33555 - Patch
References () https://core.trac.wordpress.org/changeset/33556 - () https://core.trac.wordpress.org/changeset/33556 -
References () https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ - Patch, Vendor Advisory () https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ - Patch, Vendor Advisory
References () https://wpvulndb.com/vulnerabilities/8126 - () https://wpvulndb.com/vulnerabilities/8126 -
Information

Published : 2015-11-09 11:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-2213

Mitre link : CVE-2015-2213

CVE.ORG link : CVE-2015-2213

JSON object : View

Products Affected

wordpress

  • wordpress
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')