CVE-2012-0937 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2012-0937

Deferred

More Info Official Page

Source-cve@mitre.org

Published At-30 Jan, 2012 | 17:55

Updated At-11 Apr, 2025 | 00:51

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

>>wordpress>>Versions up to 3.3.1(inclusive)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

>>wordpress>>0.7

cpe:2.3:a:wordpress:wordpress:0.7:*:*:*:*:*:*:*

>>wordpress>>0.71

cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*

>>wordpress>>0.72

cpe:2.3:a:wordpress:wordpress:0.72:*:*:*:*:*:*:*

>>wordpress>>0.711

cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*

>>wordpress>>1.0

cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*

>>wordpress>>1.0.1

cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*

>>wordpress>>1.0.2

cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*

>>wordpress>>1.2

cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*

>>wordpress>>1.2.1

cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*

>>wordpress>>1.2.2

cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*

>>wordpress>>1.5

cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*

>>wordpress>>1.5.1

cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*

>>wordpress>>1.5.1.2

cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*

>>wordpress>>1.5.1.3

cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*

>>wordpress>>1.5.2

cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*

>>wordpress>>2.0

cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*

>>wordpress>>2.0.1

cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*

>>wordpress>>2.0.2

cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

>>wordpress>>2.0.3

cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*

>>wordpress>>2.0.4

cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

>>wordpress>>2.0.5

cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*

>>wordpress>>2.0.6

cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*

>>wordpress>>2.0.7

cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*

>>wordpress>>2.0.8

cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*

>>wordpress>>2.0.9

cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*

>>wordpress>>2.0.10

cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*

>>wordpress>>2.0.11

cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*

>>wordpress>>2.1

cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*

>>wordpress>>2.1.1

cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*

>>wordpress>>2.1.2

cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

>>wordpress>>2.1.3

cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*

>>wordpress>>2.2

cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*

>>wordpress>>2.2.1

cpe:2.3:a:wordpress:wordpress:2.2.1:*:*:*:*:*:*:*

>>wordpress>>2.2.2

cpe:2.3:a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

>>wordpress>>2.2.3

cpe:2.3:a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

>>wordpress>>2.3

cpe:2.3:a:wordpress:wordpress:2.3:*:*:*:*:*:*:*

>>wordpress>>2.3.1

cpe:2.3:a:wordpress:wordpress:2.3.1:*:*:*:*:*:*:*

>>wordpress>>2.3.2

cpe:2.3:a:wordpress:wordpress:2.3.2:*:*:*:*:*:*:*

>>wordpress>>2.3.3

cpe:2.3:a:wordpress:wordpress:2.3.3:*:*:*:*:*:*:*

>>wordpress>>2.5

cpe:2.3:a:wordpress:wordpress:2.5:*:*:*:*:*:*:*

>>wordpress>>2.5.1

cpe:2.3:a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*

>>wordpress>>2.6

cpe:2.3:a:wordpress:wordpress:2.6:*:*:*:*:*:*:*

>>wordpress>>2.6.1

cpe:2.3:a:wordpress:wordpress:2.6.1:*:*:*:*:*:*:*

>>wordpress>>2.6.2

cpe:2.3:a:wordpress:wordpress:2.6.2:*:*:*:*:*:*:*

>>wordpress>>2.6.3

cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*

>>wordpress>>2.6.5

cpe:2.3:a:wordpress:wordpress:2.6.5:*:*:*:*:*:*:*

>>wordpress>>2.7

cpe:2.3:a:wordpress:wordpress:2.7:*:*:*:*:*:*:*

>>wordpress>>2.7.1

cpe:2.3:a:wordpress:wordpress:2.7.1:*:*:*:*:*:*:*

>>wordpress>>2.8

cpe:2.3:a:wordpress:wordpress:2.8:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html	cve@mitre.org	Exploit
http://www.exploit-db.com/exploits/18417	cve@mitre.org	Exploit
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.exploit-db.com/exploits/18417	af854a3a-2127-422b-91ae-364da2661108	Exploit
https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt	af854a3a-2127-422b-91ae-364da2661108	N/A