
Opened 15 years ago

Closed 14 years ago

Last modified 14 years ago

#4322 closed defect (bug) (fixed)

SQL injection blind fishing exploit

Reported by: DrHallows
Owned by:
Milestone: 2.0.11
Priority: highest omg bbq
Severity: critical
Version: 2.1.3
Component: Security
Keywords: security, bug
Focuses:
Cc:

Description

BIG security bug in "admin-ajax.php": SQL injection blind fishing exploit
More info on: http://www.waraxe.us/ftopict-1780.html#7560

Attachments (1)

test.php (11.3 KB) - added by DrHallows 15 years ago.


Change History (5)

@DrHallows
15 years ago

#1 @markjaquith
15 years ago

  • Keywords security added; securtiy removed
  • Milestone changed from 2.2.1 to 2.0.11
  • Resolution set to fixed
  • Status changed from new to closed

Fixed for 2.2, 2.0.11 (soon to be released) and in trunk for 2.3

[5440]

[5441]

[5442]

#2 follow-up: @hvdkamer
14 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

According to this page:

"None of these are safe to use, except the latest in the 2.0 or 2.1 series, which are both actively maintained."

However, version 2.1.3 is still not patched for this bug?

#3 in reply to: ↑ 2 @westi
14 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

Replying to hvdkamer:

According to this page:

"None of these are safe to use, except the latest in the 2.0 or 2.1 series, which are both actively maintained."

However, version 2.1.3 is still not patched for this bug?

2.1.3 will not be patched.

The only security-supported versions are 2.0.x and 2.2.x.

This fix is in 2.2.1, which has just gone RC.
