| Bug ID | 1022445 |
|---|---|
| Summary | VUL-1: CVE-2017-5611: wordpress: SQLi when passing unsafe data |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: http://seclists.org/oss-sec/2017/q1/217 ============================================ WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we've added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb ============================================ Assigned: CVE-2017-5611 https://software.opensuse.org/package/wordpress 4.6.1 version for TW|42.(1|2) in server:php:applications repo.