BlogSecurity » Blog Archive » WP-Download SQL-Injection

Filed Under (Alerts, WordPress) by Philipp on 4 April 2008

WP-Download 1.2 is vulnerable to a SQL-Injection Vulnerability. The dl_id parameter in "wp-download.php" is not correctly sanistised.

An attacker could use this vulnerability to retrieve usernames and passwords and potentially compromise your blog!

This bug has been reported in version 1.2, but it is likely that older versions are affected.

Please upgrade to version 1.2.1 which addresses this issue.

This vulnerability was discovered by BL4CK. A public exploit has been released into the wild and is available on Milw0rm.

Enjoy the article? Please take a second to: Digg it! | StumbleUpon it!

Comments

Faille de sécurité dans le plugin WP-Download 1.2 (SQL-Injection) at Site Creation on 15 April, 2008 at 11:54 am #

[…] BlogSecurity rapporte une faille de sécurité dans le plugin WP-Download 1.2 WP-Download 1.2 is vulnerable to a SQL-Injection Vulnerability. The dl_id parameter in “wp-download.php” is not correctly sanistised. […]

Comment

Search site:
Welcome to BlogSecurity
- BlogSec is the only organization that deals with social networking and web blog security exclusively.
- Meet the team
- Post/Read News
Secure WordPress
Recent Posts
What you enjoy on BlogSec
- Latest blog news and projects
- Details of recent vulnerabilities
- BlogSec security projects and related content
- Non-technical and general articles
View Results

Name:
Email:
Website:
Message:

Comments

Welcome to BlogSecurity

Secure WordPress

Recent Posts

What you enjoy on BlogSec

Additional WP Resources

Recent Comments

Posts by Category