[wp-trac] [WordPress Trac] #4690: Wordpress options.php SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 31 20:07:37 GMT 2007

#4690: Wordpress options.php SQL Injection Vulnerability
 Reporter:  BenjaminFlesch   |       Owner:  anonymous
     Type:  defect           |      Status:  new      
 Priority:  highest omg bbq  |   Milestone:           
Component:  Security         |     Version:  2.2.1    
 Severity:  critical         |    Keywords:           
 Read here, beginning from the second point, in short:

 In options.php the parameter page_options isn't filtered; patch:

 case 'update':
         $any_changed = 0;


 *        if ( preg_match("/['\"<>]/", $_POST['page_options']) )
 *               wp_die(__('Cheatin&#8217; uh?'));

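Review bot: The starred preg_match check is a denylist of four characters (' " < >) and does not make page_options safe on its own: any input that avoids those characters still reaches the rest of the 'update' handling unvalidated, so the SQL injection described in the ticket is only narrowed, not removed. Validate $_POST['page_options'] against an explicit allow-list of the values options.php is expected to update and reject everything else, and ensure whatever survives is passed to the database only through the escaping layer; keeping the regex as a secondary check is fine, but it should not be the primary fix. Also confirm the check is reached before any of the posted values are used, i.e. right at the top of case 'update' as shown, and that the same validation covers the GET path mentioned later in the report, since the note about opening options.php directly in the browser implies the handler is reachable without the POST check.
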
 add the lines marked with a star in options.php.

 Additionally, because of this, persistent XSS and information disclosure by
 opening options.php directly in the browser may occur. Better stop the
 database dump.

Ticket URL: <http://trac.wordpress.org/ticket/4690>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software