CVE-2008-4106

Published: 2008-09-18T13:59:33.017-04:00
Last modified: 2017-09-28T21:32:00.197-04:00

CVSS base score: 5.1
Access vector: NETWORK
Access complexity: HIGH
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Source: http://nvd.nist.gov
Generated on: 2008-09-19T08:33:00.000-04:00
Security protection: ALLOWS_OTHER_ACCESS

Summary:
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Vulnerable software:
cpe:/a:wordpress:wordpress:0.71-gold
cpe:/a:wordpress:wordpress:1.0-platinum
cpe:/a:wordpress:wordpress:1.0.1-miles
cpe:/a:wordpress:wordpress:1.0.2-blakey
cpe:/a:wordpress:wordpress:1.2-delta
cpe:/a:wordpress:wordpress:1.2-mingus
cpe:/a:wordpress:wordpress:1.2.1
cpe:/a:wordpress:wordpress:1.2.2
cpe:/a:wordpress:wordpress:1.5-strayhorn
cpe:/a:wordpress:wordpress:1.5.1.1
cpe:/a:wordpress:wordpress:1.5.1.2
cpe:/a:wordpress:wordpress:1.5.1.3
cpe:/a:wordpress:wordpress:1.5.2
cpe:/a:wordpress:wordpress:2.0
cpe:/a:wordpress:wordpress:2.0.1
cpe:/a:wordpress:wordpress:2.0.4
cpe:/a:wordpress:wordpress:2.0.5
cpe:/a:wordpress:wordpress:2.0.6
cpe:/a:wordpress:wordpress:2.0.7
cpe:/a:wordpress:wordpress:2.0.9
cpe:/a:wordpress:wordpress:2.0.10
cpe:/a:wordpress:wordpress:2.0.11
cpe:/a:wordpress:wordpress:2.1
cpe:/a:wordpress:wordpress:2.1.1
cpe:/a:wordpress:wordpress:2.1.2
cpe:/a:wordpress:wordpress:2.1.3
cpe:/a:wordpress:wordpress:2.2
cpe:/a:wordpress:wordpress:2.2.1
cpe:/a:wordpress:wordpress:2.2.2
cpe:/a:wordpress:wordpress:2.2.3
cpe:/a:wordpress:wordpress:2.5
cpe:/a:wordpress:wordpress:2.5.1
cpe:/a:wordpress:wordpress:2.6
cpe:/a:wordpress:wordpress:2.6.1

References:
SECTRACK 1020869
BUGTRAQ 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability
BID 31068
SECUNIA 31737
SECUNIA 31870
SREASON 4272
EXPLOIT-DB 6397
EXPLOIT-DB 6421
VUPEN ADV-2008-2553
DEBIAN DSA-1871
FEDORA FEDORA-2008-7760
FEDORA FEDORA-2008-7902
MLIST [oss-security] 20080911 CVE request: wordpress < 2.6.2
MLIST [oss-security] 20080916 Re: CVE request: wordpress < 2.6.2
CONFIRM http://wordpress.org/development/2008/09/wordpress-262/
MISC http://www.sektioneins.de/advisories/SE-2008-05.txt
MISC http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/