[wp-trac] [WordPress Trac] #10841: admin-ajax.php SQL INJECTION!!
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 3 08:39:51 UTC 2009
#10841: admin-ajax.php SQL INJECTION!!
-----------------------------+----------------------------------------------
Reporter: ulgaming | Owner: westi
Type: defect (bug) | Status: assigned
Priority: highest omg bbq | Milestone: 2.9
Component: Security | Version: 2.8.4
Severity: blocker | Keywords: sql injection
-----------------------------+----------------------------------------------
Comment(by hakre):
Things which might be helpful: Start admin, get the list of hooks
registered for admin-ajax, review the code for places where wpdb is used.
WPDB must use the prepare (not the escape) member to properly escape
values.
Is it possible for the reporter to have 2.8.5 run and test whether this
still applies or not?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10841#comment:>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
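The distinction hakre draws between $wpdb->escape() and $wpdb->prepare() is worth seeing in code. The following is an added illustration, not code from the ticket, from WordPress core, or from the reporter; the hook name `wp_ajax_example_lookup`, the `post_id` request parameter and the `example_lookup_handler` function are hypothetical names chosen for the example, and the snippet assumes it is loaded inside a WordPress install (the $wpdb global and the wp_ajax_* hooks come from WordPress itself).

```php
<?php
// Added example (not from the ticket or WordPress core). Hook name, parameter
// name and function names are hypothetical; it assumes a WordPress install.

// VULNERABLE PATTERN: escaping a value and dropping it into a numeric
// comparison. escape() only backslashes quote characters, but a numeric
// context has no quotes to break out of, so a request such as
//   post_id=1 OR 1=1
// survives escaping unchanged and alters the WHERE clause.
function example_lookup_handler_unsafe() {
    global $wpdb;
    $post_id = $wpdb->escape( $_POST['post_id'] );
    $title   = $wpdb->get_var( "SELECT post_title FROM $wpdb->posts WHERE ID = $post_id" );
    echo $title;
    die();
}

// HARDENED PATTERN: let prepare() build the statement. %d forces the value
// to an integer and %s quotes and escapes a string, so the injected text
// above is reduced to the integer 1 instead of becoming SQL syntax.
function example_lookup_handler() {
    global $wpdb;

    // Verify the request is authorised before touching the database:
    // the nonce action name is hypothetical for this example.
    check_ajax_referer( 'example_lookup_nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        die( '-1' );
    }

    $sql   = $wpdb->prepare(
        "SELECT post_title FROM $wpdb->posts WHERE ID = %d AND post_status = %s",
        $_POST['post_id'],
        'publish'
    );
    $title = $wpdb->get_var( $sql );
    echo $title;
    die();
}

// Register the hardened handler on admin-ajax.php for logged-in users.
// (wp_ajax_nopriv_* would expose it to anonymous callers as well.)
add_action( 'wp_ajax_example_lookup', 'example_lookup_handler' );
```

When auditing the admin-ajax hooks as hakre suggests, the check is mechanical: every query that interpolates request data must pass through $wpdb->prepare() with a %d or %s placeholder for each value, and any handler that reaches $wpdb should also be gated by check_ajax_referer() and a capability check so that the query is only reachable by an intended caller.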