Comments on: WordPress Upload File Plugin SQL Injection

By: Nick

Nick — Tue, 03 Jun 2008 09:53:49 +0000

I tried to look for the plugin mentioned, but no joy, there's no reference to that file in the official plug-in svn either.

Andrea_R — Mon, 02 Jun 2008 17:27:18 +0000

It appears to releate to a specific plugin, not wordpress itself.

DK — Mon, 02 Jun 2008 16:00:24 +0000

Nick, your not missing anything at all. I assume they mean the upload page under wp-admin, however, the advisory is very vague.

Nick — Mon, 02 Jun 2008 14:09:04 +0000

Maybe I’m missing something, but wp-uploadfile.php doesn’t appear to be a valid WP file?