
OpenPKG alert OpenPKG-SA-2007.021 (wordpress)

From:  OpenPKG GmbH <>
Subject:  [OpenPKG-SA-2007.021] OpenPKG Security Advisory (wordpress)
Date:  Fri, 8 Jun 2007 17:57:02 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:

Advisory Id (public):    OpenPKG-SA-2007.021
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:
Advisory Document:
Advisory Published:      2007-06-08 17:56 UTC

Issue Id (internal):     OpenPKG-SI-20070608.01
Issue First Created:     2007-06-08
Issue Last Modified:     2007-06-08
Issue Revision:          04
____________________________________________________________________________

Subject Name:            wordpress
Subject Summary:         Content Management System
Subject Home:
Subject Versions:        2.2.* <= 2.2.0

Vulnerability Id:        none
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           manipulation of data

Description:
    A vendor-confirmed [0] SQL-injection vulnerability in version 2.2
    of the CMS WordPress [1] was exploited [2]. The problem is caused
    by the lack of proper input filtering in the function
    wp_suggestCategories() of the WordPress XML-RPC API. For
    exploiting the bug the WordPress user authentication has to be
    enabled and the attacker is required to be authenticated.

References:
    [0]
    [1]
    [2]
____________________________________________________________________________

Primary Package Name:    wordpress
Primary Package Home:

Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Community        CURRENT            wordpress-2.2-20070608
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from or retrieve from the OpenPGP keyserver at
hkp:// Follow the instructions at for more details on how to verify
the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <>

iD8DBQFGaXxIZwQuyWG3rjQRAgXnAKCL/Atg3yOG4yoGMmhNsL3MqHw8MACcCfZE
qtubrUmobK62QQ066i5VdkA=
=eDwi
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenPKG Announcement List
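
The advisory attributes the bug to missing input filtering in an XML-RPC function that builds an SQL query. The PHP below is an added illustration of that bug class and its fix, not WordPress or OpenPKG code: the function names, the two arguments (a category prefix and a result count), the table and its rows are all hypothetical, since the advisory does not say which argument is unfiltered.

```php
<?php
// Added example: hypothetical handler, not WordPress source code.
// The table, the rows and both function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (cat_id INTEGER PRIMARY KEY, cat_name TEXT)');
$db->exec("INSERT INTO categories (cat_name) VALUES ('news'), ('network'), ('private-drafts')");

// Unfiltered form: both RPC arguments are concatenated into the statement,
// so their content is parsed as SQL instead of being treated as data.
function suggest_unfiltered(PDO $db, $prefix, $max) {
    $sql = "SELECT cat_name FROM categories WHERE cat_name LIKE '{$prefix}%' LIMIT {$max}";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Filtered form: validate the type and range of the count, escape LIKE
// wildcards in the prefix, and pass both values as bound parameters.
function suggest_filtered(PDO $db, $prefix, $max) {
    if (!is_string($prefix) || strlen($prefix) > 64) {
        throw new InvalidArgumentException('prefix must be a string of at most 64 bytes');
    }
    $max = filter_var($max, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($max === false) {
        throw new InvalidArgumentException('max_results must be an integer from 1 to 100');
    }
    $like = addcslashes($prefix, '\\%_') . '%';
    $stmt = $db->prepare(
        "SELECT cat_name FROM categories WHERE cat_name LIKE :p ESCAPE '\\' LIMIT :n");
    $stmt->bindValue(':p', $like, PDO::PARAM_STR);
    $stmt->bindValue(':n', $max, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing a quote character.
$odd = "zzz' OR 'a' LIKE 'a";
print_r(suggest_unfiltered($db, $odd, 10)); // the quote rewrites the WHERE clause
print_r(suggest_filtered($db, $odd, 10));   // the same bytes are matched as a literal prefix
print_r(suggest_filtered($db, 'ne', '5'));  // ordinary prefix lookup

try {
    suggest_filtered($db, 'ne', '5; --');   // non-integer count is rejected before any SQL runs
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Requiring authentication, as the advisory notes this bug did, does not replace this filtering: every argument that reaches the query needs to be validated and bound regardless of who sent it.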
