wordpress
Page content
- Author: Miklos Vajna
- Vulnerable: 3.0.1-1
- Unaffected: 3.0.2-1haven1
A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the “Send Trackbacks” field when creating a new post is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires “Author-level” permissions.
- Bug Tracker URL: http://bugs.frugalware.org/task/4382