[wp-trac] [WordPress Trac] #3126: SQL Injection
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 12 21:53:59 GMT 2006
#3126: SQL Injection
----------------------+-----------------------------------------------------
Reporter: Ecko | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone:
Component: Security | Version: 2.0.4
Severity: minor | Keywords:
----------------------+-----------------------------------------------------
The following was recently posted on a Security Focus mailing list.
index.php?paged=/archive/-1-5-2-Create%20Table
which will result in the following error output:
WordPress database error: [You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near '-10, 10' at line 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2006-09-12
21:05:59' AND (post_status = "publish" OR post_author = 1 AND post_status
!= 'draft' AND post_status != 'static') AND post_status != "attachment"
GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10
Is there currently a patch to fix this bug?
--
Ticket URL: <http://trac.wordpress.org/ticket/3126>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
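
Added example, not part of the ticket or of WordPress's own code: a sketch of how the `LIMIT -10, 10` in the error above can arise, next to a validated form. It assumes the offset is computed as (page - 1) * posts_per_page from an `intval()`-coerced `paged` value, which is consistent with the reported query; both function names are hypothetical.

```php
<?php
// Added illustration. Function names are hypothetical, not WordPress code.
// Assumption: offset = (page - 1) * posts_per_page, with posts_per_page = 10
// as implied by "LIMIT -10, 10" in the reported error.

// Assumed 'before' behaviour: the raw request value is only coerced with
// intval(), so any string that does not start with digits becomes 0.
function limit_clause_unchecked(string $paged, int $per_page): string
{
    $page = $paged;
    if (empty($page)) {
        $page = 1;               // only '' and '0' are treated as "not set"
    }
    $offset = (intval($page) - 1) * $per_page;
    return "LIMIT $offset, $per_page";
}

// Validated form: accept only a decimal integer >= 1, otherwise use page 1,
// and emit both numbers through %d so nothing but integers reaches the query.
function limit_clause_checked(string $paged, int $per_page): string
{
    $page = filter_var($paged, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($page === false) {
        $page = 1;
    }
    $per_page = max(1, $per_page);
    return sprintf('LIMIT %d, %d', ($page - 1) * $per_page, $per_page);
}

// Constructed sample inputs. The first is the value from the ticket after
// URL decoding (%20 becomes a space).
$samples = ['/archive/-1-5-2-Create Table', '-3', '0', '2', '2abc'];

foreach ($samples as $s) {
    printf("%-32s unchecked: %-15s checked: %s\n",
           var_export($s, true),
           limit_clause_unchecked($s, 10),
           limit_clause_checked($s, 10));
}
```

With the ticket's value the unchecked function returns `LIMIT -10, 10`, the clause MySQL rejects in the error output above, while the checked function falls back to the first page.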