Hi Steffen,

* Steffen Joeris <[EMAIL PROTECTED]> [2007-12-14 09:55]:
> Package: wordpress
> Severity: important
[...]
> SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1
> and earlier allows remote attackers to execute arbitrary SQL commands
> via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or
> possibly other character set encodings that support a "\" in a multibyte
> character.

Note that the Debian package of wordpress does not set up the DB with any of these character encodings.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
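Added example, not part of the original mail and not WordPress code: a Python check for whether a charset allows the byte 0x5c ("\") as the second byte of a multibyte character, which is the condition the quoted advisory names for Big5 and GBK. The function names and the sample input are constructed for illustration, and the escaping routine is a generic charset-unaware one, assumed here rather than taken from wp-includes/query.php.

```python
# Added illustration; function names are hypothetical, inputs are constructed.

def bytewise_escape(raw: bytes) -> bytes:
    """Charset-unaware escaping: prefix quote and backslash bytes with 0x5c."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def backslash_lead_bytes(charset: str) -> list:
    """Lead bytes L for which the pair (L, 0x5c) decodes to ONE character.

    A non-empty result means a byte-wise inserted backslash can be absorbed
    into a multibyte character when the database decodes in this charset.
    """
    hits = []
    for lead in range(0x80, 0x100):
        try:
            text = bytes([lead, 0x5C]).decode(charset)
        except UnicodeDecodeError:
            continue
        if len(text) == 1:
            hits.append(lead)
    return hits


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes that, decoded in `charset`, have no backslash before them."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # the backslash escapes the following character
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    sample = b"\xbf'"  # constructed input: one high byte followed by a quote
    for cs in ("latin-1", "utf-8", "gbk", "big5"):
        affected = bool(backslash_lead_bytes(cs))
        print(cs, "affected:", affected,
              "unescaped quotes:", unescaped_quotes(bytewise_escape(sample), cs))
```

A charset for which `backslash_lead_bytes` returns an empty list is not exposed to this particular failure, which matches the point of the reply that the Debian package does not configure the DB with the affected encodings.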

