WordPress 0day exploit in all versions
Description: SQL injection vulnerability in the do_trackbacks() function of WordPress allows remote attackers to execute an arbitrary SELECT SQL query.
The do_trackbacks() function in wp-includes/comment.php does not properly escape the input that comes from the user, allowing a remote user with publish_posts and edit_published_posts capabilities to execute an arbitrary SELECT SQL query, which can lead to disclosure of any information stored in the WordPress database.
Access Vector: Network
Attack Complexity: Medium
Authentication: Single Instance
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
Exploit and more info: http://www.vul.kr
andry - Moderator
Posts: 467
Join date: 2010-05-07