Title: SQL Injection Vulnerability
Last modified: August 20, 2016

---

# SQL Injection Vulnerability

 *  [computercourage](https://wordpress.org/support/users/computercourage/)
 * (@computercourage)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-vulnerability-2/)
 * Is there any truth to this claim about the Toolbox theme? [http://osvdb.org/show/osvdb/88293](http://osvdb.org/show/osvdb/88293)
 * It claims:
   “Toolbox Theme for WordPress contains a flaw that may allow an attacker
   to carry out an SQL injection attack. The issue is due to the
   /wp-content/Themes/toolbox/include/flyer.php script not properly sanitizing
   user-supplied input to the ‘mls’ parameter. This may allow an attacker to
   inject or manipulate SQL queries in the back-end database, allowing for the
   manipulation or disclosure of arbitrary data.”
 * Can anyone elaborate on this, whether it’s been fixed, or how one can patch it?

 *  [Konstantin Obenland](https://wordpress.org/support/users/obenland/)
 * (@obenland)
 * [13 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-vulnerability-2/#post-3314173)
 * I’m not sure where this is coming from, but if you download the theme you’ll 
   find that there is no `/include/flyer.php` file in the package.
 * For future reference: If you happen to find a security vulnerability in one of
   our services, we would appreciate letting us know before disclosing the issue
   publicly at:
    [http://automattic.com/security/](http://automattic.com/security/)
 * Thanks!
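Added illustration (not code from this thread, the Toolbox theme, or its author): the class of flaw the quoted advisory describes, written as a hypothetical theme function that looks up a record by an `mls` request parameter, first with the input concatenated into the query and then rewritten with `$wpdb->prepare()`, which is the standard WordPress fix for the "how one can patch it" question above. The function names, the `listings` table and the query itself are assumptions.

```php
<?php
// Hypothetical theme code, constructed for illustration only. It assumes a
// custom table named {$wpdb->prefix}listings with an 'mls' column.

// VULNERABLE pattern: the raw request value is spliced into the SQL string,
// so a crafted 'mls' value is parsed as part of the query instead of as data.
function toolbox_example_get_listing_unsafe() {
    global $wpdb;
    $mls = isset( $_GET['mls'] ) ? $_GET['mls'] : '';
    $sql = "SELECT * FROM {$wpdb->prefix}listings WHERE mls = '" . $mls . "'";
    return $wpdb->get_row( $sql );
}

// HARDENED pattern: $wpdb->prepare() binds the value through a %s
// placeholder, so it is quoted and escaped by WordPress and can only ever be
// matched as data. sanitize_text_field()/wp_unslash() are input hygiene on
// top of that; prepare() is the part that prevents the injection.
function toolbox_example_get_listing_safe() {
    global $wpdb;
    if ( ! isset( $_GET['mls'] ) ) {
        return null;
    }
    $mls = sanitize_text_field( wp_unslash( $_GET['mls'] ) );
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}listings WHERE mls = %s",
        $mls
    );
    return $wpdb->get_row( $sql );
}
```

Reviewing a theme for this defect means searching for `$wpdb->query`, `get_row`, `get_results` and `get_var` calls whose SQL string is built from `$_GET`, `$_POST` or `$_REQUEST` without passing through `prepare()`.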

The topic ‘SQL Injection Vulnerability’ is closed to new replies.

 * 1 reply
 * 2 participants
 * Last reply from: [Konstantin Obenland](https://wordpress.org/support/users/obenland/)
 * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/sql-injection-vulnerability-2/#post-3314173)
 * Status: not resolved