Red Hat Bugzilla – Bug 659265
CVE-2010-4257 Wordpress: SQL injection flaw by processing trackbacks
Last modified: 2013-04-04 20:35:56 EDT
An improper input sanitization flaw was found in the way Wordpress
performed trackbacks (a way to notify a website when an entry that
references it is published) maintenance. A remote attacker
with Author-level privilege could use this flaw to conduct
SQL injection attacks (gain further access to the site, which
should be otherwise prohibited).
Note: You may want to use w3m browser, when trying to access ,
and , as we are having troubles / timeouts, when accessing
it via firefox / konqueror. Will post a copy of upstream patch
This issue affects the version of the wordpress package, as shipped
with Fedora release of 13 and 14.
This issue affects the version of the wordpress package, as present
within EPEL-5 repository.
Please schedule an update.
Created attachment 464225
Promised local copy of upstream changeset
Created wordpress tracking bugs for this issue
Affects: fedora-all [bug 659319]
The CVE identifier of CVE-2010-4257 has been assigned to this issue.