Bug 161278 - www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection
Bug#: 161278
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: keith@email.arizona.edu
Component: Vulnerabilities
URL: http://www.milw0rm.com/exploits/3109
Summary: www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection
Keywords:
Status Whiteboard: C3 [noglsa]
Opened: 2007-01-10 05:55 0000

Created an attachment (id=106318) [details]
www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection
exploit
The first past is wrong, I'm sorry.
This attachment contains the milw0rm exploit for the wp-trackback.php Remote SQL
Injection.
*** Bug 162302 has been marked as a duplicate of this bug. ***
Security team please vote.
The exploit comments say:
"(needs register_globals=on, 4 <= PHP < 4.4.3,< 5.1.4)"
---> trash
I vote No.
Agreed, closing.
From wordpress.org:
Here are the changes that have been made since 2.0.6:
* Security fix for wp_unregister_GLOBALS() to work around the
zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5
versions less than 5.1.4 with register_globals set to “On.”
[...]