Mailinglist Archive: opensuse-bugs (4258 mails)

< Previous Next >
[Bug 1022445] New: VUL-1: CVE-2017-5611: wordpress: SQLi when passing unsafe data
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sat, 28 Jan 2017 21:23:48 +0000
  • Message-id: <bug-1022445-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1022445


Bug ID: 1022445
Summary: VUL-1: CVE-2017-5611: wordpress: SQLi when passing
unsafe data
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/217
============================================
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data.
WordPress core is not directly vulnerable to this issue, but we've added
hardening to prevent plugins and themes from accidentally causing a
vulnerability. Reported by Mo Jangda (batmoo).

https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
============================================

Assigned: CVE-2017-5611

https://software.opensuse.org/package/wordpress

4.6.1 version for TW|42.(1|2) in server:php:applications repo.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >