WordPress vulnerability to sql injection | ww.wp.xz.cn

denwist
(@denwist)

8 years, 8 months ago

Good day!
My wife uses wordpress. Recently I noticed there is a vulnerability to SQL-injection. It is enough to enable debugging: /wp-config.pxp [define (‘WP_DEBUG’, true);] and in the address bar put a single quote and see the following http://sokolov-denis.com/images/fix/sql-error.png

Is there a new update that closes this hole in security?

I tested on different version php 5.3-7.1. MySQL 5.6.

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

8 years, 8 months ago

1. https://make.ww.wp.xz.cn/core/handbook/testing/reporting-security-vulnerabilities/

2. I can’t reproduce that. With wp_debug enabled, http://example.com/’ or http://example.com/” properly produces a 404.

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

8 years, 8 months ago

additional note: PHP 5.3? That’s well past EOL. You should be using at least 5.6 and, preferably, 7.0 or 7.1.

Paul Gilzow
(@gilzow)

8 years, 7 months ago

what theme or plugins are you using? The problem is most likely being generated by one of them. Your php stack trace should indicate which file specifically the problem originated from.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WordPress vulnerability to sql injection’ is closed to new replies.

Tags

sql injection

In: Fixing WordPress
3 replies
3 participants
Last reply from: Paul Gilzow
Last activity: 8 years, 7 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics