GLSA Advocate
Posted: Mon Jun 06, 2005 8:11 pm Post subject: [ GLSA 200506-04 ] Wordpress: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: Wordpress: Multiple vulnerabilities (GLSA 200506-04)
Severity: normal
Exploitable: remote
Date: June 06, 2005
Updated: May 22, 2006
Bug(s): #88926, #94512
ID: 200506-04
Synopsis
Wordpress contains SQL injection and XSS vulnerabilities.
Background
WordPress is a PHP and MySQL based content management and publishing
system.
Affected Packages
Package: www-apps/wordpress
Vulnerable: < 1.5.1.2
Unaffected: >= 1.5.1.2
Architectures: All supported architectures
Description
Due to a lack of input validation, WordPress is vulnerable to SQL
injection and XSS attacks.
Impact
An attacker could use the SQL injection vulnerabilities to gain
information from the database. Furthermore, the cross-site scripting
issues give an attacker the ability to inject and execute malicious
script code or to steal cookie-based authentication credentials,
potentially compromising the victim's browser.
Workaround
There is no known workaround at this time.
Resolution
All Wordpress users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-1.5.1.2"
References
CVE-2005-1102
CVE-2005-1687
CVE-2005-1810
Last edited by GLSA on Fri Feb 21, 2014 4:20 am; edited 7 times in total