Sql injection in WordPress 2.1.2

2007-03-0900:00:00

vulners.com

JSON

Hello,

There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :

The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :

File /wp-admin/admin-db.php, Line 472 :

                    $wpdb-&gt;query&#40;&quot;
                            INSERT INTO $wpdb-&gt;link2cat &#40;link_id, category_id&#41;
                            VALUES &#40;$link_ID, $new_cat&#41;&quot;&#41;;

Omid

JSON