94512 – www-apps/wordpress "cat_ID" SQL Injection Vulnerability

Bug 94512 - www-apps/wordpress "cat_ID" SQL Injection Vulnerability

Summary: www-apps/wordpress "cat_ID" SQL Injection Vulnerability

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Other

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/15517/
Whiteboard:	B3 [glsa] jaervosz
Keywords:

Depends on:
Blocks:	88926
	Show dependency tree

Reported:	2005-05-30 08:33 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2005-06-06 13:53 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-30 08:33:54 UTC

Description:
A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
 
 Input passed to the "cat_ID" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
 
 The vulnerability has been reported in version 1.5. Other versions may also be affected.

Solution:
Update to version 1.5.1.2.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-30 08:35:16 UTC

web-apps please bump.

Comment 2 Aaron Walker (RETIRED) gentoo-dev

2005-05-30 09:14:32 UTC

SuperLag, please bump.  Don't forget to update the metadata.xml with your info.

Comment 3 Aaron Kulbe (RETIRED) gentoo-dev

2005-05-31 09:53:03 UTC

I committed 1.5.1.2 to the tree prior to this bug being created, so this should
be taken care of.

Comment 4 Thierry Carrez (RETIRED) gentoo-dev

2005-05-31 13:52:54 UTC

So this is ready too

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-06-06 13:53:17 UTC

GLSA 200506-04