Description

This indicates that an attacker attempted an SQL injection attack against phpWordPress. phpWordPress contains multiple flaws that may allow an attacker to carry out SQL injection attacks. The flaws are in the "poll", "category", and "ctg" parameters of "index.php", which are not properly validated before being used in SQL queries. A successful exploit can allow an attacker to execute SQL queries against the database.

Impact

Disclosure or Modification of sensitive data

Affected Products

phpWordPress phpWordPress 3.0

Aliases

PHP.phpWordPress.Sql.Injection.A
PHP.phpWordPress.Sql.Injection.B
PHP.phpWordPress.Sql.Injection.C

References

http://www.securityfocus.com/bid/15582
http://pridels.blogspot.com/2005/11/phpwordpress-30-sql-inj.html

Recommended Actions

Apply the appropriate patch from the vendor, or upgrade to a non-vulnerable version if available.
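
One way to look for the activity described above in web server access logs, as an added example that is not part of the original advisory or the vendor's signature logic. It assumes Common Log Format lines; the matching heuristic, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters of index.php named in the description above.
WATCHED_PARAMS = {"poll", "category", "ctg"}

# Heuristic chosen for this example (not the vendor's signature logic):
# quote characters, statement separators, comment markers or SQL keywords.
SQLI_HINT = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|insert|update|delete|drop)\b""", re.I)

# Request line as it appears in Common/Combined Log Format (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters that look like SQL."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/index.php"):
        return []
    # parse_qsl percent-decodes values, so %27 is inspected as a quote.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name.lower() in WATCHED_PARAMS and SQLI_HINT.search(value)]

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results

# Constructed sample access-log lines (documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2005:10:00:00 +0000] "GET /index.php?ctg=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2005:10:00:05 +0000] "GET /index.php?poll=1%27 HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Dec/2005:10:00:09 +0000] "GET /index.php?category=2+union+select+null&p=1 HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Dec/2005:10:00:12 +0000] "GET /about.php?ctg=1%27 HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

Access logs record only the query string, so parameters sent in a POST body are not covered by this check.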