post-page

Photo Album Plugin Vulnerabilities

9
responses
by
 
on
February 21st, 2008
in
WordPress Plugins, WordPress Security

S@BUN is at it again, this time, reporting multiple SQL Injection Vulnerabilities within the Photo Album plugin for WordPress. According to the security bulletin:

Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks.

Multiple security advisory services places this round of vulnerabilities as a Moderate Risk. For example, FrSIRT describes the Moderate risk as being:

Remotely and locally exploitable flaws, which could lead to denial of Service or privilege escalation.

Versions 1.1 and prior of this plugin are vulnerable. As always, it is recommended that you disable this plugin until a patch for it is released.

[EDIT] Version 1.1 is a fix for this vulnerability. Versions 1.0 and prior might be vulnerable.

heading
9
Responses

 

Comments

  1. LobsterMan (2 comments.) says:

    As the author of the plugin, I’m pretty sure that 1.1 is secure. 1.1 is a security release to fix the issues mentioned. I had a few people contact me about the issues, and I had some people look at the 1.1 code.
    If someone can prove that version 1.1 is vulnerable, please contact me ASAP. if not, please post a clarification.

  2. ChaosKaizer (62 comments.) says:

    @LobsterMan – clarifications, u ever heard of milw0rm. pronto

  3. Otto (215 comments.) says:

    Inaccurate. 1.1 fixes these problems. See the original security advisory here:

    http://secunia.com/advisories/28988/

    Note this:
    Solution: Update to version 1.1.



Trackbacks/Pingbacks

  1. [...] you have been doing so, you better read this release from Weblog Tools Collection. It’s been reported that there had been multiple SQL injection vulnerabilities within the [...]

  2. [...] | Weblog Tools Collection Febrero 23rd, [...]

  3. [...] a creare un album (dice di averlo aggiunto ma … nisba!) e non ho trovato risposte all’allarme sicurezza relativo. Disattivato. This was written by farmando. Posted on Saturday, February 23, 2008, at 11:51 pm. [...]

  4. [...] the news that WordPress Photo Album plugin potentially contains a security vulnerability, I decided it was probably time that I took stock of my increasingly long plugins list and removed [...]

Obviously Powered by WordPress. © 2003-2013

page counter
css.php