Make WordPress Core

Opened 17 years ago

Closed 17 years ago

#3126 closed defect (bug) (invalid)

SQL Injection

Reported by: Ecko
Owned by:
Milestone:
Priority: high
Severity: minor
Version: 2.0.4
Component: Security
Keywords:
Focuses:
Cc:


The following was recently posted on a Security Focus mailing list.


which will result in the following error output:

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2006-09-12 21:05:59' AND (post_status = "publish" OR post_author = 1 AND post_status != 'draft' AND post_status != 'static') AND post_status != "attachment" GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10

Is there currently a patch to fix this bug?

Change History (1)

#1 @Nazgul
17 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Next time you reference a mailing list, please include a link to it.
I'm assuming you're talking about this one (Bugtraq):

It has been discussed both at the support forum and on the wp-hackers mailing list.
On both locations this has been identified as a non-issue.
