WordPress WP Photo Album Plugin *photo* SQL Injection

Posted on Wednesday, February 20, 2008 @ 18:15:38 CST in Security
by Raven

SECUNIA ADVISORY ID: SA28988

VERIFY ADVISORY: http://secunia.com/advisories/28988/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

SOFTWARE: WP Photo Album (WPPA) 1.x (plugin for WordPress) http://secunia.com/product/17641/

DESCRIPTION: A vulnerability has been reported in the WP Photo Album (WPPA) plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "photo" parameter in the WordPress installation's index.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Prior versions may also be affected.

SOLUTION: Update to version 1.1.

PROVIDED AND/OR DISCOVERED BY: Reported by S@BUN

ORIGINAL ADVISORY: http://milw0rm.com/exploits/5135
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 513,767,543
  • Today: 100,896
Server InfoServer Info
  • Apr 28, 2025
  • 12:53 am CDT
 
 

Site Navigation