Wordspew Plugin for Wordpress Print
Written by Rebecca Mints   
Monday, 04 February 2008 02:15

Wordspew Plugin for Wordpress "id" SQL Injection Vulnerability

[email protected] has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter "id" in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution: Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by: [email protected]

Original Advisory: http://milw0rm.com/exploits/5039

Critical: Elevated

Moderately critical

Impact: Manipulation of data

Where: From remote

Software: Wordspew (plugin for Wordpress) 3.x