[wp-trac] Re: [WordPress Trac] #3938: Possible SQL injection vuln.
Apostrophe in post creates SQL error
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 10 02:17:14 GMT 2007
#3938: Possible SQL injection vuln. Apostrophe in post creates SQL error
-----------------------------------------------------------------+----------
Reporter: knowtown | Owner: anonymous
Type: defect | Status: reopened
Priority: high | Milestone:
Component: Security | Version: 2.1.1
Severity: critical | Resolution:
Keywords: reporter-feedback dev-feedback apostrophe sql error |
-----------------------------------------------------------------+----------
Changes (by charleshooper):
* keywords: apostrophe sql error => reporter-feedback dev-feedback
apostrophe sql error
* priority: normal => high
* component: General => Security
* severity: normal => critical
* summary: apostrophe in post creates database SQL error => Possible SQL
injection vuln. Apostrophe in post creates SQL
error
Comment:
Do we know that for a fact? Had the cracker modified the way posts were
escaped than this would be a prime example of that.
Some feedback from someone who has more details of what had been changed
would be helpful.
Regardless, as far as I know 2.1.2 was not only an emergency release due
to the cracker but it also added a new security fix, more information is
available at http://markjaquith.wordpress.com/2007/03/03/wordpress-212-
is-a-mandatory-upgrade/
Upgrade to 2.1.2 and report back to us.
--
Ticket URL: <http://trac.wordpress.org/ticket/3938#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list