
Security Focus SQL Injection Bogus


Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely content-free, except for making claims that every version of WP since 2.0 is vulnerable.

Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire”, and the less basis there is in fact, the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team does is sifting through things to see what’s valid or not.

A valid security report looks like this: it usually includes sample code and a detailed description of the problem. The WP security team was notified of the KSES problem and it was fixed in 2.5. You can impress your friends by saying whether a security report is valid or not, so it’s a good critical facility to pick up.
