[Frugalware-git] homepage-ng: FSA702-wordpress
Miklos Vajna
vmiklos at frugalware.org
Sun Dec 12 15:54:02 CET 2010
Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=bba007ca4929c14d324ff5d65f62421fc9e333cf
commit bba007ca4929c14d324ff5d65f62421fc9e333cf
Author: Miklos Vajna <vmiklos at frugalware.org>
Date: Sun Dec 12 15:53:14 2010 +0100
FSA702-wordpress
diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 2b2f88a..fe8cf58 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,19 @@
<fsas>
<fsa>
+ <id>702</id>
+ <date>2010-12-12</date>
+ <author>Miklos Vajna</author>
+ <package>wordpress</package>
+ <vulnerable>3.0.1-1</vulnerable>
+ <unaffected>3.0.2-1haven1</unaffected>
+ <bts>http://bugs.frugalware.org/task/4382</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257</cve>
+ <desc>A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks.
+ Input passed via the "Send Trackbacks" field when creating a new post is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
+ Successful exploitation of this vulnerability requires "Author-level" permissions.</desc>
+ </fsa>
+ <fsa>
<id>701</id>
<date>2010-12-12</date>
<author>Miklos Vajna</author>
More information about the Frugalware-git
mailing list