Faille de sécurité dans Wordpress 2.5, une rumeur ?
Depuis quelques jours, une rumeur traîne sur une faille de sécurité dans la dernière version de Wordpress 2.5. Rumeur entretenue par Security Focus :
WordPress is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WordPress 2.5 is vulnerable; other versions may also be affected.
Matt a répondu sur son blog :
Since people are asking, this so-called alert on Security Focus appears to be completely false and has no information that an attacker or the WordPress developers could use. It is completely content-free, except for making claims that every version of WP since 2.0 is vulnerable.
Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team is sifting through things to see what’s valid or not.
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.