Description
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200506-04.xml
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=94512
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111817436619067&w=2
Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15517
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/16905
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13809
Vendor Advisory x_refsource_confirm
http://wordpress.org/development/2005/05/security-update/
Scores
EPSS
0.0164
EPSS Percentile
82.2%
Details
Status
published
Products (1)
wordpress/wordpress
1.5.1
Published
Jun 01, 2005
Tracked Since
Feb 18, 2026