[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sql injection in WordPress 2.1.2

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Sql injection in WordPress 2.1.2
From: "Omid" <omid@xxxxxxxxxx>
Date: Fri, 09 Mar 2007 19:15:33 +0330

Hello,

There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :

The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :

File /wp-admin/admin-db.php, Line 472 :

                        $wpdb->query("
                                INSERT INTO $wpdb->link2cat (link_id, 
category_id)
                                VALUES ($link_ID, $new_cat)");


- Omid

Follow-Ups:
- Re: Sql injection in WordPress 2.1.2
  - From: steven

Prev by Date: Re: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues
Next by Date: [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability
Previous by thread: SyScan'07 - Call for Paper - NEW UPDATES
Next by thread: Re: Sql injection in WordPress 2.1.2
Index(es):
- Date
- Thread