#20489 closed defect (bug) (invalid)
PCI Compliance/Wordpress SQL Injection Vulnerability
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | General | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
Hello,
SecurityMetrics is failing my site because there is an SQL injection vulnerability.
Here is a recent email from SecurityMetrics:
The website http://www.texasfrightmareweekend.com/ currently has several SQL injection and Cross Site Scripting vulnerabilities that are flagging. I was able to validate that user input is not being sanitized. If you go to this link:
You can see that I was able to inject a script command into the search field of the page and the server responded by creating the alert box.
In order to resolve these issues the website will need to be sanitizing all user input, including the URL itself. This means that any special characters that are entered by a user are dynamically changed by the website or create an error.
Once you have been able to sanitize the site we need to run a new scan to reflect those changes. You are able to start a new scan at any time from your account summary page by using the 'run' button, or if you prefer we are happy to start a scan at your request.
If you have any questions please let us know. Our support staff is available 24 hours a day at 801.705.5700, or you are welcome to reply to this email.
Is there a fix for this?
Change History (3)
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Also, please post in the support forums next time: http://wordpress.org/support/

The fix is to use the_search_query() instead of echo get_query_var('s') in your theme. You can see an example in the bundled Twentyeleven theme.
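As an added illustration (not code from this ticket, from WordPress core, or from the Twenty Eleven theme), here is what the comment above describes: a theme search form that echoes the raw `s` query variable next to the same form using `the_search_query()`. The file name `searchform.php` and the surrounding markup are assumptions; the point is the value of the `value` attribute. `the_search_query()` passes the string through `esc_attr()` before printing, so a search term containing `"` or `<` is emitted as HTML entities instead of closing the attribute and being parsed as markup, which is what the scanner's alert box was reporting.

```php
<?php
/**
 * Added example, not part of ticket #20489 or of WordPress core.
 * Assumed location: wp-content/themes/<your-theme>/searchform.php
 *
 * The form is shown twice: first the pattern the scanner flagged,
 * then the replacement recommended in the ticket.
 */

// --- VULNERABLE PATTERN (do not ship) --------------------------------------
// get_query_var( 's' ) returns the search term as submitted. Printing it
// straight into an HTML attribute means a double quote in the term ends the
// attribute and whatever follows is interpreted as markup by the browser
// (reflected cross-site scripting). This is the cause of the alert box the
// scanner observed, not an SQL injection.
?>
<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
    <input type="text" name="s" value="<?php echo get_query_var( 's' ); ?>" />
    <input type="submit" value="Search" />
</form>

<?php
// --- FIXED PATTERN ---------------------------------------------------------
// the_search_query() echoes the search term after running it through
// esc_attr(), so '"', '<', '>' and '&' become HTML entities and the value
// stays inside the attribute. If you need the escaped string in PHP instead
// of echoing it (for example to build a heading), use get_search_query(),
// which applies the same escaping.
?>
<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
    <label class="screen-reader-text" for="s">Search for:</label>
    <input type="text" class="field" name="s" id="s" value="<?php the_search_query(); ?>" />
    <input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
</form>

<?php
// Example of the PHP-side variant for a results heading (search.php).
// get_search_query() is already attribute-escaped, so it is safe to echo here.
if ( is_search() ) {
    printf( '<h1>Search results for: %s</h1>', get_search_query() );
}
?>
```

After replacing the echo, a quick check is to grep the theme for `get_query_var( 's' )` and `$_GET['s']` so no other template still prints the term unescaped; the scanner's rescan then runs against the corrected output.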