Release date:
Updated on:
Affected Systems:
WordPress WP Bannerize Plugin 2.x
Description:
--------------------------------------------------------------------------------
WordPress is a Blog (Blog, Blog) engine developed using the PHP language and MySQL database. you can create your own Blog on servers that support PHP and MySQL databases.
WordPress has the input verification vulnerability in the implementation of the Donation plug-in. Remote attackers can exploit this vulnerability to execute SQL attacks.
Pass to wp-content/plugins/wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg/exporttocsv. php input is not properly filtered and used in SQL queries.
<* Source: Miroslav Stampar
Link: http://unconciousmind.blogspot.com/2011/08/wordpress-wp-bannerize-plugin-286-sql.html
Http://unconciousmind.blogspot.com/2011/08/wordpress-donation-plugin-10-sql.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://wordpress.org/