WordPress Post_ID Parameter SQL Injection Vulnerability
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
wordpress (Ubuntu) | Fix Released | Undecided | MOTU SWAT |
Dapper | Won't Fix | Undecided | Unassigned |
Edgy | Won't Fix | Undecided | Unassigned |
Bug Description
Binary package hint: wordpress
WordPress Post_ID Parameter SQL Injection Vulnerability
Bugtraq ID: 23294
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 03 2007 12:00AM
Updated: Apr 05 2007 03:52PM
Credit: <email address hidden> is credited with the discovery of this vulnerability.
Vulnerable: WordPress WordPress 2.1.2
WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
WordPress 2.1.2 is vulnerable to this issue; other versions may also be affected.
Attackers can use a browser to exploit this issue.
The following proof-of-concept exploit is available:
http://
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:<email address hidden>.
References:
* WordPress Homepage (WordPress) http://
CVE References
Changed in wordpress:
status: Confirmed → Fix Released
Solution:
Update to version 2.1.3.