thr3ads.net - Secure testing team - [Secure-testing-team] Bug#605603: wordpress: Author level SQL injection vulnerability fixed in 3.0.2 [Dec 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Dominic Hargreaves

2010-Dec-01 18:09 UTC

[Secure-testing-team] Bug#605603: wordpress: Author level SQL injection vulnerability fixed in 3.0.2

Package: wordpress
Version: 3.0.1-2
Severity: grave
Tags: security
Justification: user security hole

3.0.2 includes an update which appears to fix an SQL injection attack:

<http://codex.wordpress.org/Version_3.0.2>
<http://core.trac.wordpress.org/changeset/16625>

This looks worthy of an update for squeeze. Note that the other updates
in 3.0.2 also include various security hardening issues so it may be
most appropriate to upload 3.0.2 itself for squeeze.

Secure testing team - Dec 2010 - Bug#605603: wordpress: Author level SQL injection vulnerability fixed in 3.0.2

[Secure-testing-team] Bug#605603: wordpress: Author level SQL injection vulnerability fixed in 3.0.2