WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability (3 posts)

  1. Fairrluez
    Member
    Posted 6 years ago #

    Hello,

    I found instructions for an exploit on a well-known exploit page. This exploit should work with WordPress <= 2.3.1. I have already reported it under "report bug", but I think it is much more important than a normal bug, because the page with the instructions for that exploit is really well known. Is it possible to report this directly to somebody who can check whether it's important and should be fixed fast or not?

    Thank you

    Sorry for my bad English

  2. Alex Concha
    Member
    Posted 6 years ago #

    WordPress developers are aware of this problem [1].

    By the way, this bug will only work if you use Big5, GBK or SJIS as the database encoding (DB_CHARSET value).

    [1] http://trac.wordpress.org/ticket/5455

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    By the way, this bug will only work if you use Big5, GBK or SJIS as the database encoding (DB_CHARSET value).

    For those people that don't know what this means: You're probably not affected by this problem. The exploit only works if you've changed your character set on your blog to use characters of Big5 (Taiwan, Hong Kong, and Macau), GBK (simplified Chinese characters), or Shift-JIS (Japanese characters).

    The default character set is UTF-8, and if you didn't explicitly change this to one of these others, you are not vulnerable.
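
Added example, not part of the thread or of WordPress itself: a Python check that reads the DB_CHARSET value from the text of a wp-config.php and reports whether it is one of the three encodings named above. The function names are hypothetical, and the MySQL charset spellings big5, gbk and sjis are assumed to be how those encodings appear in the file.

```python
import re
import sys

# Encodings the thread names as the precondition for this bug
# (assumed MySQL spellings of Big5, GBK and Shift-JIS).
AFFECTED = {"big5", "gbk", "sjis"}

# define('DB_CHARSET', 'value') with either quote style. Only the
# function name is matched case-insensitively; PHP constant names are not.
_DEFINE = re.compile(
    r"""(?i:define)\s*\(\s*(['"])DB_CHARSET\1\s*,\s*(['"])(.*?)\2\s*\)"""
)


def strip_php_comments(src):
    """Heuristic, not a PHP parser: drop /* */ blocks and whole-line
    // or # comments so a commented-out define() is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return "\n".join(
        line for line in src.splitlines()
        if not line.lstrip().startswith(("//", "#"))
    )


def db_charset(wp_config_text):
    """Return the DB_CHARSET value, lowercased, or None if the file
    does not define it."""
    matches = _DEFINE.findall(strip_php_comments(wp_config_text))
    # PHP keeps the first define() of a constant; later ones are ignored.
    return matches[0][2].strip().lower() if matches else None


def is_affected_charset(wp_config_text):
    """True only when DB_CHARSET is one of the encodings named in the thread."""
    return db_charset(wp_config_text) in AFFECTED


if __name__ == "__main__":
    # Usage: python check_charset.py /path/to/wp-config.php
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    value = db_charset(text)
    verdict = "matches" if value in AFFECTED else "does not match"
    print(f"DB_CHARSET={value!r}: {verdict} an encoding named in the thread")
```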
