SQL Injection Vulnerability in wpBlog
- SQL Injection Vulnerability in wpBlog
- Last Update
- 2006.04.14 Exploitation code published
- Risk Level
- SQL Injection
- Unpatched. No reply from developer(s)
- Vulnerable Software
- wpBlog (http://www.wireplastik.com/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in wpBlog (http://www.wireplastik.com/) script.Vulnerable script: index.php
Parameter postid is not properly sanitized before being used in SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/ExploitSQL Injection Example:
Solution for "SQL Injection Vulnerability in wpBlog" is not available. Check vendor's website for updates.
Order Source Code Audit
Check your site by source code analysis of your website made by our team.The work will be done by specialists in website security.