A SQL Injection vulnerability has been reported in WordPress by the Balsec Team. The advisory is lacking a lot of detail.

This post will be updated as new information is made available.

Comments

Nick on 2 June, 2008 at 3:09 pm #

Maybe I’m missing something, but wp-uploadfile.php doesn’t appear to be a valid WP file?


DK on 2 June, 2008 at 5:00 pm #

Nick, you’re not missing anything at all. I assume they mean the upload page under wp-admin, however, the advisory is very vague.


Andrea_R on 2 June, 2008 at 6:27 pm #

It appears to relate to a specific plugin, not WordPress itself.


Nick on 3 June, 2008 at 10:53 am #

I tried to look for the plugin mentioned, but no joy; there’s no reference to that file in the official plug-in svn either.

