CVE-2007-4894

Multiple SQL injection vulnerabilities in WordPress before 2.2.3 and WordPress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."

Date published: 2007-09-14

http://trac.wordpress.org/ticket/4770

http://wordpress.org/development/2007/09/wordpress-223/