Info

Disclosure

Jul 31, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Wordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Workaround, Patch, Upgrade
Exploit: Exploit Available
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, WordPress has released an unofficial patch to address this vulnerability listed in the Trac ticket.

Products

WordPress

2.2.1

References

Vendor Specific News/Changelog Entry: http://trac.wordpress.org/ticket/4690
Other Advisory URL: http://lists.debian.org/debian-security-announce/2008/msg00138.html
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse ...... [ Link is 404 ]
ISS X-Force ID: 35719
Secunia Advisory ID: 30013
CVE ID: 2007-4154 (see also: NVD)

Credit

Benjamin Flesch -

Direct URL: http://osvdb.org/36218