[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <df2d38266ad39d64a9698c02006cb78c.hackers@hackers.ir>
Date: Fri, 09 Mar 2007 19:15:33 +0330
From: "Omid" <omid@...kers.ir>
To: <bugtraq@...urityfocus.com>
Subject: Sql injection in WordPress 2.1.2
Hello,
There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :
The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :
File /wp-admin/admin-db.php, Line 472 :
$wpdb->query("
INSERT INTO $wpdb->link2cat (link_id, category_id)
VALUES ($link_ID, $new_cat)");
- Omid
Powered by blists - more mailing lists