Title: WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
Last modified: August 18, 2016

---

# WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit

 *  [BOK](https://wordpress.org/support/users/bok/)
 * (@bok)
 * [18 years, 12 months ago](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/)
 * Heads up!! Check [milw0rm.com](http://www.milw0rm.com/exploits/4039)
    Any fix
   now or in the works?

Viewing 3 replies - 16 through 18 (of 18 total)

[←](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/?output_format=md)
[1](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/?output_format=md)
2

 *  [blogcini](https://wordpress.org/support/users/blogcini/)
 * (@blogcini)
 * [18 years, 11 months ago](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/page/2/#post-576197)
 * any offical patch link?
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [18 years, 11 months ago](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/page/2/#post-576198)
 * BlogCini: It’s already been posted:
    [http://trac.wordpress.org/browser/branches/2.2/xmlrpc.php?rev=5584&format=raw](http://trac.wordpress.org/browser/branches/2.2/xmlrpc.php?rev=5584&format=raw)
 * There is no official release yet, it’ll be in WordPress 2.2.1 which is still 
   in Release Candidate mode.
 * WordPress 2.2.1RC1 is here, if you prefer:
    [http://wordpress.org/wordpress-2.2.1-RC1.zip](http://wordpress.org/wordpress-2.2.1-RC1.zip)
 *  [safeday](https://wordpress.org/support/users/safeday/)
 * (@safeday)
 * [18 years, 7 months ago](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/page/2/#post-576253)
 * I’m getting “System Error. Code 123. The filename, directory name, or volume 
   label syntax is incorrect (EOSError)” on initial setup
 * I know that it has something to do with the xmlrpc.php file, but can not figure
   it out. I am trying to use Blog Jet to write my page. I also have the same problem
   with Windows Live Writer.
 * Anyone got a solution

Viewing 3 replies - 16 through 18 (of 18 total)

[←](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/?output_format=md)
[1](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/?output_format=md)
2

The topic ‘WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit’ is closed to
new replies.

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)
 * [xmlrpc](https://wordpress.org/support/topic-tag/xmlrpc/)
 * [xmlrpc.php](https://wordpress.org/support/topic-tag/xmlrpc-php/)

 * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
 * 18 replies
 * 8 participants
 * Last reply from: [safeday](https://wordpress.org/support/users/safeday/)
 * Last activity: [18 years, 7 months ago](https://wordpress.org/support/topic/wordpress-22-xmlrpcphp-remote-sql-injection-exploit/page/2/#post-576253)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics