Bug 240970

Summary: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection
Product: [Fedora] Fedora Reporter: Ville Skyttä <ville.skytta>
Component: wordpressAssignee: John Berninger <john>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2821
Whiteboard:
Fixed In Version: 2.2.1-1.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-07-05 19:22:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2007-05-23 14:50:22 UTC
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2821

"SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2
allows remote attackers to execute arbitrary SQL commands via the cookie parameter."

Comment 1 Fedora Update System 2007-07-05 19:22:49 UTC
wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.