FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- remote sql injection vulnerability

Affected packages
wordpress < 2.2.3,1
de-wordpress < 2.2.3
zh-wordpress < 2.2.3
wordpress-mu < 1.2.4,2

Details

VuXML ID 63347ee7-6841-11dc-82b6-02e0185f8d72
Discovery 2007-09-10
Entry 2007-09-21

Alexander Concha reports:

While testing WordPress, a SQL injection vulnerability was discovered that allows an attacker to remotely retrieve any user credentials from a vulnerable site. This bug is caused by early database escaping and the lack of validation in query-string-like parameters.
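The failure mode named in the report, escaping applied early and a query-string parameter later used in a numeric SQL context without validation, as an added illustration that is not WordPress code or part of the advisory; it is a constructed Python/sqlite3 example, and the users table, its rows and the hash values are made up.

```python
import re
import sqlite3


def make_db():
    """Constructed sample table; the hash values are placeholders, not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "hash_admin"), (2, "editor", "hash_editor")])
    return conn


def escape_quotes(value: str) -> str:
    """Mimics addslashes()-style early escaping: only quotes and backslashes are touched."""
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def lookup_vulnerable(conn, user_id_param: str):
    """Escapes early, then drops the value into an unquoted numeric context.
    Quote escaping cannot help here: no quote is needed to change the WHERE clause,
    so a non-numeric value widens the query instead of being rejected."""
    escaped = escape_quotes(user_id_param)
    sql = f"SELECT user_login, user_pass FROM users WHERE ID = {escaped}"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, user_id_param: str):
    """Validates the parameter's type first, then binds it rather than interpolating."""
    if not re.fullmatch(r"[0-9]+", user_id_param):
        raise ValueError("user id must be a non-negative integer")
    sql = "SELECT user_login, user_pass FROM users WHERE ID = ?"
    return conn.execute(sql, (int(user_id_param),)).fetchall()


def rejected_by_validation(conn, user_id_param: str) -> bool:
    """True when the hardened lookup refuses the parameter outright."""
    try:
        lookup_hardened(conn, user_id_param)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed non-numeric value: no quotes, so escaping leaves it intact
    print("vulnerable:", lookup_vulnerable(db, tampered))      # returns every row
    print("hardened rejects:", rejected_by_validation(db, tampered))  # True
```

The detection takeaway for a defender is the validation step: a request whose numeric parameter fails `[0-9]+` is worth logging, since the escaping layer alone will never flag it.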

References

CVE Name CVE-2007-4894
URL http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html