[wp-trac] Re: [WordPress Trac] #4357: Apply [5570] int cast to 2.2
branch
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 6 16:36:37 GMT 2007
#4357: Apply [5570] int cast to 2.2 branch
-----------------------+----------------------------------------------------
Reporter: drhallows | Owner: anonymous
Type: defect | Status: closed
Priority: high | Milestone: 2.2.1
Component: Security | Version: 2.2.1
Severity: major | Resolution: fixed
Keywords: |
-----------------------+----------------------------------------------------
Comment (by westi):
Replying to [comment:4 Otto42]:
> Note: Exploit code for this (fixed) bug is in the wild:
>
> http://www.milw0rm.com/exploits/4039
> http://wordpress.org/support/topic/120857
>
> This bug enabled Remote SQL Injection.
> Might want to put the latest 2.2 out there quickly?
If I read this correctly - isn't the exploit only viable if you have a
valid username/password combo to use as there is a login check.
It is therefore only really serious for blogs with user registration
enabled.
--
Ticket URL: <http://trac.wordpress.org/ticket/4357#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list