[wp-trac] Re: [WordPress Trac] #4690: Wordpress options.php SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 31 21:46:55 GMT 2007


#4690: Wordpress options.php SQL Injection Vulnerability
-------------------------------------+--------------------------------------
 Reporter:  BenjaminFlesch           |        Owner:  Nazgul     
     Type:  defect                   |       Status:  assigned   
 Priority:  high                     |    Milestone:  2.3 (trunk)
Component:  Security                 |      Version:  2.2.1      
 Severity:  major                    |   Resolution:             
 Keywords:  has-patch needs-testing  |  
-------------------------------------+--------------------------------------
Changes (by Nazgul):

  * keywords:  needs-patch => has-patch needs-testing
  * owner:  anonymous => Nazgul
  * status:  new => assigned

Comment:

 Patch adds the missing $wpdb->escapes, which should fix this issue.

 It could use some extensive testing for regression bugs though.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4690#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list