TUCoPS :: Web :: Blogs :: c07-2593.htm

Sql injection in WordPress 2.1.2
Sql injection in WordPress 2.1.2
Sql injection in WordPress 2.1.2


Hello,

There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :

The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :

File /wp-admin/admin-db.php, Line 472 :

			$wpdb->query("
				INSERT INTO $wpdb->link2cat (link_id, category_id)
				VALUES ($link_ID, $new_cat)");


- Omid

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH