WordPress < 2.0.4 SQLi

Medium

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running WordPress, a blog manager written in PHP. The version running on the remote host is affected by various flaws that may allow an attacker to perform a SQL injection attack against it. Successful exploitation would allow an attacker to read or write confidential data and potentially execute arbitrary code on the remote database.

In addition, the remote host is vulnerable to multiple Cross-Site Scripting (XSS) flaws.

Solution

Upgrade to WordPress 2.0.4 or later.