First published: Thu Dec 02 2010
An improper input sanitization flaw was found in the way WordPress handled trackbacks (a way to notify a website when an entry that references it is published). A remote attacker with Author-level privileges could use this flaw to conduct SQL injection attacks and so gain further access to the site that should otherwise be prohibited.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
[2] http://codex.wordpress.org/Version_3.0.2

Upstream changeset:
[3] http://core.trac.wordpress.org/changeset/16625

Note: You may want to use the w3m browser when trying to access [2] and [3], as we are having troubles / timeouts when accessing them via Firefox / Konqueror. Will post a copy of the upstream patch here.
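The following is an added illustration of the bug class described above; it is not WordPress code and not the upstream patch. It models trackback bookkeeping with a small SQLite schema (constructed `users` and `posts` tables with constructed sample rows) and assumes the injection point is the URL an Author supplies for a trackback. The vulnerable function splices that URL into the SQL text while binding only the post ID; the hardened function binds both values.

```python
"""Model of the trackback SQL injection class: untrusted URL text spliced into
an UPDATE statement. Constructed schema and data; not WordPress code."""
import sqlite3

# Constructed sample data standing in for the users and posts tables.
USERS = [("admin", "$P$B-hash-of-admin"), ("author", "$P$B-hash-of-author")]
POSTS = [(1, "author", "http://example.org/a", "")]  # ID, owner, to_ping, pinged


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_login TEXT, user_pass TEXT)")
    conn.execute(
        "CREATE TABLE posts (ID INTEGER PRIMARY KEY, post_author TEXT, "
        "to_ping TEXT, pinged TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?, ?)", POSTS)
    return conn


def record_ping_vulnerable(conn, post_id, tb_url):
    """Bug class: the URL is interpolated into the SQL text and only the post ID
    is bound, so a quote inside the URL ends the literal and the remainder is
    parsed as SQL. (SQLite's || stands in for MySQL's CONCAT here.)"""
    sql = f"UPDATE posts SET pinged = pinged || char(10) || '{tb_url}' WHERE ID = ?"
    conn.execute(sql, (post_id,))


def record_ping_fixed(conn, post_id, tb_url):
    """Hardened form: every untrusted value travels as a bound parameter."""
    conn.execute(
        "UPDATE posts SET pinged = pinged || char(10) || ? WHERE ID = ?",
        (tb_url, post_id),
    )


def pinged_for(conn, post_id):
    return conn.execute(
        "SELECT pinged FROM posts WHERE ID = ?", (post_id,)
    ).fetchone()[0]


# A hypothetical "trackback URL" an Author could submit. It closes the string
# literal, splices a scalar subquery into the expression, and reopens the
# literal so the statement stays syntactically valid. The stolen data lands in
# the attacker's own post's 'pinged' column, which the author can read back.
PAYLOAD = (
    "' || (SELECT group_concat(user_login || ':' || user_pass, ',') FROM users) || '"
)


def demo():
    """Returns (pinged column after the vulnerable update,
                pinged column after the fixed update)."""
    vuln = make_db()
    record_ping_vulnerable(vuln, 1, PAYLOAD)
    leaked = pinged_for(vuln, 1)

    fixed = make_db()
    record_ping_fixed(fixed, 1, PAYLOAD)
    stored = pinged_for(fixed, 1)
    return leaked, stored


if __name__ == "__main__":
    leaked, stored = demo()
    print("vulnerable:", repr(leaked))
    print("fixed:     ", repr(stored))
```

Running the script prints the `pinged` column under both versions: the vulnerable path writes the concatenated login:hash list from `users` into the attacker's own post, where a post editor would display it back to them; the fixed path stores the payload as inert text. The same defect arises with `$wpdb->prepare()` whenever a variable is interpolated into the format string instead of being passed as a `%s` argument, since `prepare()` only escapes the arguments, not text already inside the template.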
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress | <=3.0.1 | Upgrade to WordPress 3.0.2 or later (see [2], [3]) |