On one of my websites I have a WordPress installation. After an Acunetix (which searches for website vulnerabilities) scan, it was found that my main index was open to SQL injections. Details here:
Blind SQL/XPath injection
This script is possibly vulnerable to SQL/XPath Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
This vulnerability affects /.
The impact of this vulnerability
An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
The GET variable page_id is vulnerable.
My WordPress version is 2.5
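The finding quoted in the post above, reproduced on a toy database as an added example (not code from the post, from Acunetix or from WordPress): a numeric `page_id` pasted into the SQL text next to the same lookup with integer validation and a bound parameter. The `pages` table, the function names and the SQLite backend are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; "pages" is a hypothetical table, not WordPress's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, status TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        (1, "Home", "publish"), (2, "About", "publish"), (3, "Draft notes", "private")])
    return db

def get_page_concat(db, page_id):
    # Vulnerable pattern: the raw GET value becomes part of the SQL text.
    sql = "SELECT title FROM pages WHERE status = 'publish' AND id = " + page_id
    return [row[0] for row in db.execute(sql)]

def parse_page_id(raw):
    # Accept only a short, plain ASCII decimal integer; anything else is rejected.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 10:
        return None
    value = int(raw)
    return value if 0 < value < 2**31 else None

def get_page_bound(db, page_id):
    # Hardened pattern: validate the type, then bind the value as a parameter.
    value = parse_page_id(page_id)
    if value is None:
        return []
    sql = "SELECT title FROM pages WHERE status = 'publish' AND id = ?"
    return [row[0] for row in db.execute(sql, (value,))]

def blind_check(fetch, db):
    # The comparison behind a "blind" finding: if a true and a false condition
    # appended to page_id change the response, the input reached the SQL parser.
    return fetch(db, "2 AND 1=1") != fetch(db, "2 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("concatenated query flagged:", blind_check(get_page_concat, db))
    print("bound query flagged:", blind_check(get_page_bound, db))
    print("normal lookup still works:", get_page_bound(db, "2"))
```

The same check can serve as a regression test after a fix: both requests must produce the same response.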