WordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
Upgrade to version 0.72 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
WordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
http://[victim]/index.php?order_by=100)%09or%090=0%09or%09(0=1 http://[victim]/index.php?cat=100)%09or%090=0%09or%09(0=1
Vendor URL: http://wordpress.org/ Secunia Advisory ID:9937 Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/cafelog.txt Nessus Plugin ID:11866 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0109.html Bugtraq ID: 8756