Return to CVE list

CVE-2008-4106

5.1

Medium

CVE-2008-4106

18 Sep 2008

cve@mitre.org

Modified

View on MITRE Find on GitHub

Description

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve@mitre.org

http://marc.info/?l=oss-security&m=122152830017099&w=2

cve@mitre.org

http://secunia.com/advisories/31737

cve@mitre.org

http://secunia.com/advisories/31870

cve@mitre.org

http://securityreason.com/securityalert/4272

cve@mitre.org

http://securitytracker.com/id?1020869

cve@mitre.org

http://wordpress.org/development/2008/09/wordpress-262/

cve@mitre.org

http://www.debian.org/security/2009/dsa-1871

cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/09/11/6

cve@mitre.org

http://www.securityfocus.com/archive/1/496287/100/0/threaded

cve@mitre.org

http://www.securityfocus.com/bid/31068

cve@mitre.org

http://www.sektioneins.de/advisories/SE-2008-05.txt

cve@mitre.org

http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

cve@mitre.org

http://www.vupen.com/english/advisories/2008/2553

cve@mitre.org

https://www.exploit-db.com/exploits/6397

cve@mitre.org

https://www.exploit-db.com/exploits/6421

cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html

cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html

af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=122152830017099&w=2

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31737

af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31870

af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/4272

af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020869

af854a3a-2127-422b-91ae-364da2661108

http://wordpress.org/development/2008/09/wordpress-262/

af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1871

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/09/11/6

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/496287/100/0/threaded

af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31068

af854a3a-2127-422b-91ae-364da2661108

http://www.sektioneins.de/advisories/SE-2008-05.txt

af854a3a-2127-422b-91ae-364da2661108

http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2553

af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6397

af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/6421

af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00607.html

af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00629.html