PublicDate: 2007-01-13 02:28:00 UTC
Candidate: CVE-2007-0233
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0233
Description:
 wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset
 variables when the input data includes a numeric parameter with a value
 matching an alphanumeric parameter's hash value, which allows remote
 attackers to execute arbitrary SQL commands via the tb_id parameter.  NOTE:
 it could be argued that this vulnerability is due to a bug in the unset PHP
 command (CVE-2006-3017) and the proper fix should be in PHP; if so, then
 this should not be treated as a vulnerability in WordPress.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:

dapper_wordpress: ignored (reached end-of-life)
edgy_wordpress: needed (reached end-of-life)
feisty_wordpress: released (2.1.0-1)
gutsy_wordpress: released (2.1.0-1)
hardy_wordpress: released (2.1.0-1)
intrepid_wordpress: released (2.1.0-1)
jaunty_wordpress: released (2.1.0-1)
karmic_wordpress: released (2.1.0-1)
devel_wordpress: released (2.1.0-1)
upstream_wordpress: needs-triage