FKIE_CVE-2011-4899
Vulnerability from fkie_nvd - Published: 2012-01-30 17:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C05410D-70B2-405A-9D11-3614114220A3",
"versionEndIncluding": "3.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0395AD1D-3470-49EE-9F2A-349EF8782B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8B90E9-5DF5-45F5-9810-2973FDAA16A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "5F33ACD9-B4B6-4B5E-9CD5-26AA5997119C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*",
"matchCriteriaId": "0174AF4F-9759-4762-ACF4-688E232AF1EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D86BA1-3DC8-478C-B2FA-581F9AE1F93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7BEFBD-4326-44A5-A160-9406D94AB307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E85A88D7-07A1-4A8C-88B5-057AD9C675E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1FE320-DF71-42EC-A0F0-300F7D6D4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B64D4777-2ED6-4A47-A8F3-38A3A8EB1ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "614956CB-0582-4EAD-86F4-5AB0BB781CE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "503E4894-3F39-471F-9A56-052718813BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38085E5A-7B41-4E43-8A22-5FD44970F3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0BF1F6-A54A-48E8-A872-015FE10E5D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F0B6EAC-E43D-4D1B-856F-7C23250A2355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51FAD0FC-CE84-4332-B061-75C0C8A0B6AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECE66B3-3696-4E98-AF63-DF2FB256A6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E75BB382-6B47-4C6A-BF94-80443BEB1A23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA75368-506F-4772-B0F2-8AAECDF288F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDD9E5C-766F-4945-B87D-781E780AB03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A48C0BB5-2D87-49ED-A8EB-843E5F0EAE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E6AAA17D-FBB8-4F54-82E2-870D6FA5C299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A0CAEE-5C14-44C6-85FB-6AFDAAA1C3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE667A-A937-4C38-B4D5-29B33F23F7B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3624D4-E666-4A1B-B465-714ACBA0034C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7CBC45-320E-48CF-9A63-07DDE2FB61BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "266E32CD-66FB-4E19-8091-EC748B177D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DD9120-2224-4612-A6EE-539F47BD50E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9FBA02-8A6A-471F-92CD-D8E77B5061C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5BC7E8-4C8A-4183-AB8C-1DAE12935387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F9137B-D13F-488B-8196-85E06FAB682E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "82F257F4-CB62-4C6F-8866-AA253EC8C0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "79AB6F6F-2FE3-4FC3-9009-D40EA852711F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A82F4D88-779D-4D5D-96CD-2B31B61BA29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0DABD9-DE15-4619-8668-0277A67F5205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A80D1CBE-DA6D-4939-A4A4-8F237C97F76C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "40BEC573-A346-4F07-8053-A5F6E92A343C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A777651-D2B2-47E0-A13C-BD667635F3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B017F95A-90F8-4DE4-B74F-ABB712F32987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1503C4CB-5D58-4523-860C-4B637AD91CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "55050BF2-A950-45FF-8CD7-7689431AD82A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1253161D-F1C8-46D6-B970-20335071500E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE401B3-6291-4EA8-8800-0350BAC0B22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0D45AE-F0FE-4005-80FB-FEFD2DCCE7D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5663CAA-0859-447E-8489-02CE4315DF91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "480AE325-6DE1-4769-A931-0C6F40D15267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE23B6C2-354C-47BE-87B9-D4A0A3EE8ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC657077-8955-4CE6-93D8-F78B1BA3A949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43FADD00-822C-4BA2-A39F-1459AD786683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D863DE9E-FD9E-4EA1-9615-02D678813AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA39559-D170-4644-B04D-D6D806B5F33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7BF77C-68A1-421B-A446-6206354CA7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF45B5A6-0D49-494F-98A0-CCCBB0CBB882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB874C78-3F05-4053-A685-40DE7055359C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "654F2F75-42D4-4D7A-A8B8-F1C580ABDCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A684588-4D37-4817-9A1A-BF2E70EC8F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05D3E145-ECF8-4BAD-9471-4E4605887B18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "525887EE-50DB-4739-8897-A0D19D486CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC19614-2A59-4A49-B824-35975502B38F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2DDB9C-E1D7-4DBD-A27C-93C9A9C0B7E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "832F89CB-595B-407A-A27C-F655F7112830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "89977E0E-694C-49FA-814D-D356EC9294C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88D1E83C-39AC-4E3D-874A-AF0F16ADDE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65FD149E-8CF4-46FE-9F5E-9DEE61B4164C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1397-7262-4B61-8061-83C2ED731DB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C85D16FE-BB31-4866-8F85-22F1C0F1131D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3446B691-B59E-4FCC-9F88-385AED59CBA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "07D26683-3F22-4BAD-BD4F-CB712DB8F855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wordpress:wordpress:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "648439C2-2459-4AB3-9E9A-B63F5030A4AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments"
},
{
"lang": "es",
"value": "** CONTROVERTIDO ** wp-admin/setup-config.php en el componente de instalaci\u00f3n de WordPress v3.3.1 y versiones anteriores no garantiza que el servicio de base de datos MySQL especificado sea el apropiado, lo que permite configurar una base de datos de su elecci\u00f3n a atacantes remotos a trav\u00e9s de los par\u00e1metros dbhost y dbname y, posteriormente, realizar una inyecci\u00f3n de c\u00f3digo est\u00e1tico y ataques de ejecuci\u00f3n de comandos en sitios cruzados (XSS) a trav\u00e9s de (1) una solicitud HTTP o (2) una consulta MySQL. NOTA: el vendedor se opone a la importancia de esta cuesti\u00f3n, sin embargo, la ejecuci\u00f3n de c\u00f3digo remoto hace que el problema sea importante en muchos entornos reales."
}
],
"id": "CVE-2011-4899",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-30T17:55:00.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18417"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…