[wp-trac] [WordPress Trac] #5455: Charset SQL Injection Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 11 08:38:17 GMT 2007
#5455: Charset SQL Injection Vulnerability
-----------------------+----------------------------------------------------
 Reporter:  pishmishy  |       Owner:  pishmishy
     Type:  defect     |      Status:  new
 Priority:  normal     |   Milestone:  2.5
Component:  Security   |     Version:  2.4
 Severity:  normal     |    Keywords:
-----------------------+----------------------------------------------------
Mis-escaping of queries in a non-utf8 encoding can cause an opportunity
for SQL injection attacks. I believe the problem is supposed to be in
escape().
(See http://packetstormsecurity.org/0712-exploits/wordpresscharset-sql.txt)
--
Ticket URL: <http://trac.wordpress.org/ticket/5455>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
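
The failure mode the ticket describes, as an added example that is not part of the original message and is not WordPress code: a byte-by-byte escaper is checked against the charset in which the database reads the string, next to an escaper that decodes in that charset first. GBK as the non-utf8 charset, the constructed sample input and all function names are assumptions made for illustration.

```python
# Added illustration. GBK, the sample bytes and every name here are assumptions.
BACKSLASH = 0x5C
SPECIAL_BYTES = (0x00, 0x22, 0x27, 0x5C)   # NUL, double quote, single quote, backslash

# Constructed input: a GBK lead byte (0xBF) followed by a single quote.
CONSTRUCTED_INPUT = b"\xbf'"

def bytewise_escape(raw: bytes) -> bytes:
    """Charset-unaware escaping: put a backslash before each special byte."""
    out = bytearray()
    for b in raw:
        if b in SPECIAL_BYTES:
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def charset_aware_escape(raw: bytes, charset: str) -> bytes:
    """Decode in the connection charset, escape characters, re-encode.
    Invalid byte sequences raise UnicodeDecodeError instead of passing through."""
    text = raw.decode(charset)
    escaped = "".join("\\" + ch if ch in "\0\"'\\" else ch for ch in text)
    return escaped.encode(charset)

def has_unescaped_quote(escaped: bytes, charset: str) -> bool:
    """Read the escaped bytes the way a server using `charset` would and
    report whether a single quote is left without a preceding backslash."""
    text = escaped.decode(charset, errors="replace")
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2            # the backslash consumes the next character
            continue
        if text[i] == "'":
            return True
        i += 1
    return False

if __name__ == "__main__":
    escaped = bytewise_escape(CONSTRUCTED_INPUT)
    for cs in ("latin-1", "gbk"):
        print(cs, escaped.hex(), "unescaped quote:", has_unescaped_quote(escaped, cs))
```

In GBK the inserted backslash byte is absorbed as the trail byte of a two-byte character, so the quote that follows is no longer escaped; the charset-aware version rejects the same input as an invalid sequence.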