icon

We found results for “

CVE-2011-4899

Good to know:

icon

Date: January 30, 2012

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

icon

Upgrade Version

Upgrade to version 3.3.2

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us