ID OSVDB:4609 Type osvdb Reporter Seth Alan Woolley(seth@tautology.org) Modified 2003-10-02T13:36:23
Description
Vulnerability Description
WordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
Solution Description
Upgrade to version 0.72 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Short Description
WordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
Vendor URL: http://wordpress.org/
Secunia Advisory ID:9937
Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/cafelog.txt
Nessus Plugin ID:11866
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0109.html
Bugtraq ID: 8756
{"type": "osvdb", "published": "2003-10-02T13:36:23", "href": "https://vulners.com/osvdb/OSVDB:4609", "hashmap": [{"key": "affectedSoftware", "hash": "57cef624b190d0828164a65c34a96d32"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "94b8872b3eaa234a3f7fc9b596e14425"}, {"key": "href", "hash": "37af659c830b2db8898fcc78c0624360"}, {"key": "modified", "hash": "b0904751e7a96c14e7520448b137a1fb"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b0904751e7a96c14e7520448b137a1fb"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "6b00f29c99e5dbde8b86c907acdb5e05"}, {"key": "title", "hash": "cd96931654418cacdbe1c220d061c9f3"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "Seth Alan Woolley(seth@tautology.org)", "title": "WordPress blog.header.php Multiple Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.71", "name": "WordPress"}], "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "vulnersScore": 7.5}, "references": [], "id": "OSVDB:4609", "hash": "44a75e6b2fb39ee4cee4097b3bb2dae2f0aad952a57d841d2f23f8f988c4d70f", "lastseen": "2017-04-28T13:19:59", "cvelist": [], "modified": "2003-10-02T13:36:23", "description": "## Vulnerability Description\nWordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.\n## Solution Description\nUpgrade to version 0.72 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/index.php?order_by=100)%09or%090=0%09or%09(0=1\nhttp://[victim]/index.php?cat=100)%09or%090=0%09or%09(0=1\n## References:\nVendor URL: http://wordpress.org/\n[Secunia Advisory ID:9937](https://secuniaresearch.flexerasoftware.com/advisories/9937/)\nOther Advisory URL: http://packetstormsecurity.nl/0310-exploits/cafelog.txt\n[Nessus Plugin ID:11866](https://vulners.com/search?query=pluginID:11866)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0109.html\nBugtraq ID: 8756\n"}
