Signature Detail

Short Name	HTTP:SQL:INJ:WP-MULTIPLE
Severity	Medium
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	WordPress Multiple SQL Injection Vulnerabilities
Release Date	2011/08/04
Update Number	1967
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WordPress Multiple SQL Injection Vulnerabilities

This signature detects attempts to exploit a known vulnerability in WordPress. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Extended Description

WordPress is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress 3.1.3 and 3.2-RC1 are vulnerable; prior versions may also be affected.

Affected Products

Red Hat Fedora 14
Red Hat Fedora 15
WordPress 3.1
WordPress 3.1.1
WordPress 3.1.2
WordPress 3.1.3
WordPress 3.2-RC1

References

BugTraq: 48521
URL: http://wordpress.org/news/2011/06/wordpress-3-1-4/
URL: https://www.sec-consult.com/files/20110621-0_wordpress_multiple_sqli.txt
URL: http://www.wordpress.org

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: WordPress Multiple SQL Injection Vulnerabilities

Extended Description

Affected Products

References