From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200603-01.xml | 65 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 metadata/glsa/glsa-200603-01.xml (limited to 'metadata/glsa/glsa-200603-01.xml') diff --git a/metadata/glsa/glsa-200603-01.xml b/metadata/glsa/glsa-200603-01.xml new file mode 100644 index 000000000000..42d28bd54cd6 --- /dev/null +++ b/metadata/glsa/glsa-200603-01.xml @@ -0,0 +1,65 @@ + + + + WordPress: SQL injection vulnerability + + WordPress is vulnerable to an SQL injection vulnerability. + + WordPress + 2006-03-04 + 2006-03-04: 01 + 121661 + remote + + + 2.0.1 + 1.5.2 + + + +

+ WordPress is a PHP and MySQL based content management and + publishing system. +

+ + +

+ Patrik Karlsson reported that WordPress 1.5.2 makes use of an + insufficiently filtered User Agent string in SQL queries related to + comments posting. This vulnerability was already fixed in the + 2.0-series of WordPress. +

+ + +

+ An attacker could send a comment with a malicious User Agent + parameter, resulting in SQL injection and potentially in the subversion + of the WordPress database. This vulnerability wouldn't affect WordPress + sites which do not allow comments or which require that comments go + through a moderator. +

+ + +

+ Disable or moderate comments on your WordPress blogs. +

+ + +

+ All WordPress users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.1" + + + CVE-2006-1012 + + + + koon + + + koon + + -- cgit v1.2.3