One of the more popular blogging software packages out there, WordPress, is susceptible to a remote SQL injection attack. The upgrade to 2.2 apparently fixes this problem.

From Secunia:

Description:
Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the “cookie” parameter in wp-admin/admin-ajax.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 2.1.3. Prior versions may also be affected.

Solution:
Update to version 2.2.

This will work on standard installs, but some folks may have messed with their database table prefix.

🙂
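A defender-side check for the issue the advisory describes, added here as an example (not code from this post, Secunia or WordPress): it scans logged requests to wp-admin/admin-ajax.php for a "cookie" parameter that carries SQL syntax, including double-encoded quotes. The record layout (request target plus form-encoded body), the marker patterns and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "wp-admin/admin-ajax.php"  # path named in the advisory
PARAM = "cookie"                       # parameter named in the advisory

# Heuristic SQL markers (an assumption of this example, not from the advisory).
SQL_MARKERS = re.compile(r"'|--|/\*|\bunion\b.+\bselect\b", re.I | re.S)


def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded quotes (%2527) are still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(target, body=""):
    """Return decoded `cookie` values (query string or body) with SQL markers."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return []
    hits = []
    for raw in (parts.query, body):
        for value in parse_qs(raw, keep_blank_values=True).get(PARAM, []):
            decoded = fully_decode(value)
            if SQL_MARKERS.search(decoded):
                hits.append(decoded)
    return hits


# Constructed sample requests as (target, body); not taken from real traffic.
SAMPLES = [
    ("/wp-admin/admin-ajax.php", "action=autosave&cookie=user%3Dalice%3B+pass%3Dabc123"),
    ("/wp-admin/admin-ajax.php", "cookie=user%3Dx%2527--"),
    ("/blog/wp-admin/admin-ajax.php?cookie=a%27%2F%2A", ""),
    ("/wp-admin/index.php", "cookie=x%27"),
]


def scan(samples=SAMPLES):
    """Map sample index to its suspicious values; clean requests are omitted."""
    return {i: v for i, (t, b) in enumerate(samples) if (v := suspicious_values(t, b))}
```

A match only shows that the parameter was probed; the fix remains the update to 2.2.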
