[VIM] Vendor ACK for PHPWordPress

Steven M. Christey coley at mitre.org
Sun Jan 15 01:57:03 EST 2006


Re: CVE-2005-3844

CONFIRM: http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181

  A critical vulnerability has been found in phpWordPress, which can
  be exploited by malicious people to conduct SQL injection attacks.

  The vulnerability allows attackers to manipulate input passed to the
  "poll", "category", and "ctg" parameters in "index.php". This can be
  exploited to manipulate SQL queries by injecting arbitrary SQL code.


- Steve


======================================================
Name: CVE-2005-3844
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3844
Reference: MISC:http://pridels.blogspot.com/2005/11/phpwordpress-30-sql-inj.html
Reference: FRSIRT:ADV-2005-2594
Reference: URL:http://www.frsirt.com/english/advisories/2005/2594
Reference: SECUNIA:17733
Reference: URL:http://secunia.com/advisories/17733

SQL injection vulnerability in phpWordPress PHP News and Article
Manager 3.0 allows remote attackers to execute arbitrary SQL commands
via the (1) poll and (2) category parameters to index.php, and (3) the
ctg parameter in an archive action.
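To make the bug class concrete, here is an added example (not phpWordPress code, and not from the advisory or from Steve's message) of what an injectable "category" parameter in an index.php-style handler looks like beside the parameterized fix. The schema, table names and query shape are assumptions constructed for the demonstration; the real application's queries are not on this page.

```python
"""Added example: SQL injection via a request parameter, vulnerable vs. fixed.

Everything here is constructed for illustration. The tables, column names
and the exact SQL are assumptions, not phpWordPress's own code.
"""
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, category TEXT);
        CREATE TABLE admins   (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO articles (title, category) VALUES
            ('Release notes', 'news'),
            ('Interview', 'features'),
            ('Draft (unpublished)', 'internal');
        INSERT INTO admins (username, password_hash) VALUES
            ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    conn.commit()
    return conn


def articles_by_category_vulnerable(conn, category):
    """The bug class: the request parameter is spliced straight into the SQL text.

    Quoting the value does not help; a single quote in the parameter closes
    the literal and the rest of the input is parsed as SQL.
    """
    sql = "SELECT title FROM articles WHERE category = '" + category + "'"
    return [row[0] for row in conn.execute(sql)]


def articles_by_category_fixed(conn, category):
    """The fix: bind the parameter so the driver never treats it as SQL."""
    sql = "SELECT title FROM articles WHERE category = ?"
    return [row[0] for row in conn.execute(sql, (category,))]


# Constructed payloads of the kind an attacker would place in ?category=
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "' UNION SELECT username || ':' || password_hash FROM admins --"


def demo():
    """Run both versions against a benign value and the two payloads."""
    conn = make_db()
    results = {}
    for label, value in (("benign", "news"), ("tautology", TAUTOLOGY), ("union", UNION_DUMP)):
        results[label] = {
            "vulnerable": articles_by_category_vulnerable(conn, value),
            "fixed": articles_by_category_fixed(conn, value),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

With the tautology payload the vulnerable query returns every article, including the unpublished one; with the UNION payload it returns the admin credential row instead of article titles, which is the "execute arbitrary SQL commands" outcome the CVE text describes. The bound-parameter version returns only articles whose category literally equals the attacker's string, i.e. nothing. The numeric "poll" parameter needs the same treatment: a value such as `1 OR 1=1` needs no quote character at all, so escaping quotes is not a substitute for binding.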

