SQL Injection Vulnerability in WP Comment Remix Plugin for WordPress
CVE-2008-4732

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Comment Remix Plugin
Vendor: CVE Published:; 24 October 2008

Summary

The WP Comment Remix plugin for WordPress is susceptible to an SQL injection vulnerability located in the ajax_comments.php file. This flaw enables remote attackers to execute arbitrary SQL commands through the manipulation of the 'p' parameter. Users of versions prior to 1.4.4 should assess the potential security risks and apply the necessary updates to mitigate exploitation.

References

http://secunia.com/advisories/32253

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/6747

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/archive/1/497313/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 24, 2008
Vulnerability Reserved
Oct 24, 2008