[wp-hackers] FW: Sql injection in WordPress 2.1.2
Ross M. W. Bennetts
ross.bennetts at une.edu.au
Mon Mar 12 01:19:15 GMT 2007
-----Original Message-----
From: Omid [mailto:omid at hackers.ir]
Sent: Saturday, 10 March 2007 2:46 AM
To: bugtraq at securityfocus.com
Subject: Sql injection in WordPress 2.1.2
Hello,
There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :
The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :
File /wp-admin/admin-db.php, Line 472 :
$wpdb->query("
INSERT INTO $wpdb->link2cat (link_id, category_id)
VALUES ($link_ID, $new_cat)");
- Omid
More information about the wp-hackers
mailing list