|Description||SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.|
|Source||CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|wordpress (PTS)||wheezy (security), wheezy||3.6.1+dfsg-1~deb7u10||fixed|
|jessie (security), jessie||4.1+dfsg-1+deb8u8||fixed|
The information below is based on the following data on fixed versions.
seems present in etch even though admin-ajax.php was not shipped yet