TCH-Thomas, posted May 30, 2005:

Secunia writes...

Description: A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "cat_ID" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been reported in version 1.5. Other versions may also be affected.

Solution: Update to version 1.5.1.2. http://wordpress.org/download/

TCH-Bruce, posted May 30, 2005:

Well, now I guess I better find time to upgrade. Thanks Thomas.

John Carney, posted May 30, 2005:

> Well, now I guess I better find time to upgrade. Thanks Thomas.

They have instructions at the site for adding one line to one file, as an alternate to downloading and upgrading the whole package:

1. Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
2. Go to around line 103 where it says get_the_category_by_ID.
3. Create a new line after that and paste in $cat_ID = (int) $cat_ID;

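What the one-line cast in the post above does to a query, as an added example that is not part of the original thread and is not WordPress source code. The function names, the `categories` table and the sample inputs are hypothetical and constructed for illustration, and the strict variant is an alternative shown for comparison, not the project's fix.

```php
<?php
// Added example: hypothetical stand-in for a category lookup, NOT WordPress source.
// Constructed in-memory table so the script runs offline (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (cat_ID INTEGER PRIMARY KEY, cat_name TEXT)');
$db->exec("INSERT INTO categories VALUES (1, 'News'), (2, 'Drafts')");

// Before the fix: the request value is concatenated into the SQL text as-is.
function build_query_unpatched($cat_ID) {
    return "SELECT cat_name FROM categories WHERE cat_ID = $cat_ID";
}

// After the one-line fix from the thread: the value is forced to an integer first.
function build_query_patched($cat_ID) {
    $cat_ID = (int) $cat_ID;
    return "SELECT cat_name FROM categories WHERE cat_ID = $cat_ID";
}

// Stricter alternative (an assumption, not the project's fix): reject non-integers
// and bind the value instead of concatenating it.
function lookup_strict(PDO $db, $cat_ID) {
    $id = filter_var($cat_ID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed input is refused, not silently coerced
    }
    $stmt = $db->prepare('SELECT cat_name FROM categories WHERE cat_ID = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed sample inputs: a normal ID, an ID with trailing SQL text, non-numeric text.
$samples = ['2', '1 OR 1=1', 'abc'];
foreach ($samples as $input) {
    echo "input:     ", var_export($input, true), "\n";
    echo "unpatched: ", build_query_unpatched($input), "\n";
    echo "patched:   ", build_query_patched($input), "\n";
    echo "strict:    ", var_export(lookup_strict($db, $input), true), "\n\n";
}
```

The cast keeps only a leading integer, so `'1 OR 1=1'` becomes `1` and `'abc'` becomes `0`: the SQL text can no longer be altered, but malformed requests are still answered as if they were valid IDs. The strict variant refuses them instead.
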
TCH-Thomas, posted May 30, 2005:

Thanks for the info, John Carney.

TCH-Bruce, posted May 30, 2005:

Yes, John, thanks for the info!