Release date:
Updated on: 2012-11-19
Affected Systems:
WordPress Tagged Albums
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56569
WordPress is a Blog engine developed using the PHP language and MySQL database. you can create your own Blog on servers that support PHP and MySQL databases.
WordPress Tagged Albums plugin has the SQL injection vulnerability. Attackers can exploit this vulnerability to control applications, access or modify data, and exploit other vulnerabilities in lower-level databases.
<* Source: Ashiyane Digital Security Team
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Http://www.example.com/wp-content/plugins/taggedalbums/image.php? Id = [SQL]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://wordpress.org/