Info

Disclosure

May 27, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

WordPress contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'cat_ID' variable in the 'template-functions-category.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.5.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Matt Mullenweg

WordPress

1.5.1

References

Bugtraq ID: 13809
Secunia Advisory ID: 15517
CVE ID: 2005-1810 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-06/0033.html
http://archives.neohapsis.com/archives/bugtraq/2005-06/0035.html
http://marc.theaimsgroup.com/?l=bugtraq&m=111817436619067&w=2
Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=94512
Vendor URL: http://wordpress.org/
Other Advisory URL: http://wordpress.org/development/2005/05/security-update/
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/16905