Monday, February 04, 2008 9:11 AM
cmosby
Wordspew Plugin for Wordpress "id" SQL Injection Vulnerability - Advisories - Secunia
Secunia Advisory:
SA28767
Release Date:
2008-02-04
Critical:
Moderately critical
Impact:
Manipulation of data
Where:
From remote
Solution Status:
Unpatched
Software:
Wordspew (plugin for Wordpress) 3.x
Description:
S@BUN has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the parameter "id" in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
S@BUN
Original Advisory:
http://milw0rm.com/exploits/5039
Source: Wordspew Plugin for Wordpress "id" SQL Injection Vulnerability - Advisories - Secunia