
Posted

From: Secunia (http://secunia.com/advisories/25345/)

Rating: Moderately critical


Description:

Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.


Input passed to the "cookie" parameter in wp-admin/admin-ajax.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Successful exploitation allows e.g. retrieving administrator password hashes, but requires knowledge of the database table prefix.


The vulnerability is confirmed in version 2.1.3. Prior versions may also be affected.


Solution:

Update to version 2.2.


WordPress 2.2 was released on May 16. For those who missed the announcement, please click here.

Posted

But where they aren't clear is whether prior versions of the 2.1.x code line could be affected, or whether prior versions of 2.0.x code line might be affected as well.

Posted

Does TC have any control over the Fantastico on here? I mean I just installed WP via Fantastico to play with it and I am aware it is out of date but many people just install stuff from Fantastico and don't bother to check if it's the latest version or even check for updates in the future.

Posted

No, that gets updated by the Fantastico people. And they are usually at least one rev behind most of the time. I always do manual installs. It's not that difficult.

Posted

I was thinking more of TC adding a notice on the Fantastico page saying that the scripts offered are possibly out of date and that the person installing should check for updates once the script has been installed as it is easier to update than to install from scratch.

Posted

Since cPanel updates are pushed out constantly there is no current method to add comments to it. Maybe a future version of cPanel will allow for comments to be added generically so notifications can be added easily.
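Since the thread's practical point is that auto-installed copies quietly fall behind the fixed release, here is a small audit script that a host or site owner could run over a directory of WordPress installs to flag any below 2.2. It is an added example, not code from this thread, from Secunia or from WordPress; it assumes each install declares its version as `$wp_version = '...';` in wp-includes/version.php, and the sample file contents below are constructed.

```python
import re
from pathlib import Path

# Secunia 25345 reports the issue fixed in 2.2; anything below is flagged.
FIXED_VERSION = "2.2"

# Assumption: wp-includes/version.php declares $wp_version = '2.1.3';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

# Constructed sample of what such a file looks like (not real WordPress source).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.1.3';\n$wp_db_version = 5183;\n"


def parse_version(text: str) -> tuple:
    """Turn '2.1.3' into (2, 1, 3) so tuple ordering ranks 2.2 above 2.1.3.
    Trailing non-numeric parts such as '-RC1' are ignored."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def read_wp_version(version_php: str):
    """Extract the declared version from version.php text, or None if absent."""
    m = VERSION_RE.search(version_php)
    return m.group(1) if m else None


def needs_update(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed release."""
    return parse_version(version) < parse_version(fixed)


def audit_installs(root: Path, fixed: str = FIXED_VERSION) -> dict:
    """Map each install directory under root to (version, outdated?).
    An install whose version cannot be read is treated as outdated."""
    results = {}
    for vp in root.glob("*/wp-includes/version.php"):
        ver = read_wp_version(vp.read_text(errors="replace"))
        results[str(vp.parent.parent)] = (ver, ver is None or needs_update(ver, fixed))
    return results


if __name__ == "__main__":
    ver = read_wp_version(SAMPLE_VERSION_PHP)
    print(f"sample install: {ver}, needs update: {needs_update(ver)}")
```

Point `audit_installs` at the directory holding the account's sites (one subdirectory per install) to get a per-install report.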
