[wp-trac] [WordPress Trac] #11779: SQL injection is possible in ms-edit.php?
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 6 19:49:27 UTC 2010
#11779: SQL injection is possible in ms-edit.php?
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 3.0
Severity: critical | Keywords:
-------------------------------+--------------------------------------------
in addition to not getting the handy strip_slashes_deep(), we have a
completely unsanitized query:
{{{
// update blogs table
$result = $wpdb->query( "UPDATE {$wpdb->blogs} SET
domain = '".$_POST[ 'blog' ][
'domain' ]."',
path = '".$_POST[ 'blog' ][ 'path'
]."',
registered = '".$_POST[ 'blog' ][
'registered' ]."',
public = '".$_POST[ 'blog' ][
'public' ]."',
archived = '".$_POST[ 'blog' ][
'archived' ]."',
mature = '".$_POST[ 'blog' ][
'mature' ]."',
deleted = '".$_POST[ 'blog' ][
'deleted' ]."',
spam = '".$_POST[ 'blog' ][ 'spam'
]."'
WHERE blog_id = '$id'" );
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11779>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list