WordPress 'template-functions-category.php' 'cat_ID' Parameter SQL Injection
The version of WordPress installed on the remote host fails to properly sanitize user-supplied input to the 'catID' variable in the 'template-functions-category.php' script. This failure may allow an attacker to influence database queries, resulting in the disclosure of sensitive information. Note...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...