WordPress User-Agent SQL Injection Vulnerability
BID:16950
Info
WordPress User-Agent SQL Injection Vulnerability
| Bugtraq ID: | 16950 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2006 12:00AM |
| Updated: | Mar 08 2006 08:20PM |
| Credit: | Patrik Karlsson <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
WordPress WordPress 1.5.2 Gentoo Linux |
| Not Vulnerable: |
WordPress WordPress 2.0.1 |
Discussion
WordPress User-Agent SQL Injection Vulnerability
WordPress is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects WordPress version 1.5.2; prior versions may also be affected.
WordPress is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
This issue affects WordPress version 1.5.2; prior versions may also be affected.
Exploit / POC
WordPress User-Agent SQL Injection Vulnerability
An attacker likely uses a web browser to exploit these issues.
An attacker likely uses a web browser to exploit these issues.
Solution / Fix
WordPress User-Agent SQL Injection Vulnerability
Solution:
The vendor has released an updated version of WordPress to address this issue.
Please see the referenced vendor advisories for further information on obtaining fixes.
WordPress WordPress 1.5.2
Solution:
The vendor has released an updated version of WordPress to address this issue.
Please see the referenced vendor advisories for further information on obtaining fixes.
WordPress WordPress 1.5.2
-
WordPress WordPress Latest Release Download
http://wordpress.org/latest.tar.gz
References
WordPress User-Agent SQL Injection Vulnerability
References:
References:
- Bugzilla Bug 121661 - www-apps/wordpress SQL Injection (Gentoo)
- WordPress Homepage (WordPress)