SQL injection vulnerability in Wordpress
An SQL injection vulnerability in Wordpress may be used to compromise blog systems running the suite. An exploit has been published on Milw0rm which allows unauthorised access to the underlying database through the function wp.suggestCategories in the xmlrpc.php module. This does not filter user parameters correctly, allowing attackers to pass their own commands to the database, for instance to manipulate content or view names and password hashes of other users. Attackers must, however, authenticate themselves to exploit this flaw.
This vulnerability has been discovered in version 2.2, other version are not affected. The user authentication required to exploit it minimises the risk of potential attacks and users are advised to grant write access to the system exclusively to trusted persons. However a patch has been made available.
- Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit, bug description by Slappter
- Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit patch