CVE-2008-0520

Currently unrated

Key Information:

Vendor: Wordpress
Status: Wassup Plugin
Vendor: CVE Published:; 31 January 2008

Summary

Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.

References

http://www.wpwp.org/archives/warning-security-bug-in-vers...

x_refsource_CONFIRM

https://www.exploit-db.com/exploits/5017

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/27525

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 31, 2008
Vulnerability Reserved
Jan 31, 2008