Potential Script Issue Related To An Event
-
First of all, thank you for the wonderful help you provided previously. The reason for this support request is that my client whose site I have your plugin installed on had an email sent to him from the security he has through his hosting, SiteLock. He was notified of a CGI script that could become vulnerable to a SQL injection and in that message it linked to an event created through your plugin. Seeing how the technical details pointed to an event being vulnerable to a SQL injection I was wondering if you could verify if this has anything to do with the plugin or not, and if so, if you might have a fix for it.
Here is the information regarding the technical details of this script issue:
Using the GET HTTP method, SiteLock found that :
+ The following resources may be vulnerable to blind SQL injection :
+ The ‘rest_route’ parameter of the / CGI :
/?event=yoga-class-2-13-4-2-6&page_id=54&feed=rss2&rest_route=%2fzzyoga-
class-2-13-4-2-6&page_id=54&feed=rss2&rest_route=%2fyy——– output ——–
HTTP/1.1 200 OK
——– vs ——–
HTTP/1.1 404 Not Found
————————I know you probably have a lot on your plate, but seeing the seriousness of this and the information received I would greatly appreciate if you could let me know if this issue is related to your plugin or not.
- The topic ‘Potential Script Issue Related To An Event’ is closed to new replies.
