Bug 94512 - www-apps/wordpress "cat_ID" SQL Injection Vulnerability
Summary: www-apps/wordpress "cat_ID" SQL Injection Vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa] jaervosz
Depends on:
Blocks: 88926
Reported: 2005-05-30 08:33 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-06-06 13:53 UTC

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-30 08:33:54 UTC
A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "cat_ID" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been reported in version 1.5. Other versions may also be affected.

Update to version
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-30 08:35:16 UTC
web-apps please bump. 
Comment 2 Aaron Walker (RETIRED) gentoo-dev 2005-05-30 09:14:32 UTC
SuperLag, please bump.  Don't forget to update the metadata.xml with your info.
Comment 3 Aaron Kulbe (RETIRED) gentoo-dev 2005-05-31 09:53:03 UTC
I committed to the tree prior to this bug being created, so this should
be taken care of.
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-05-31 13:52:54 UTC
So this is ready too
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-06 13:53:17 UTC
GLSA 200506-04