SQL Injection Vulnerability in GaMerZ WP-Stats Plugin by WordPress
CVE-2006-0238

Currently unrated

Key Information:

Vendor: WordPress
Status: WP-stats
Vendor: CVE Published:; 18 January 2006

Summary

The GaMerZ WP-Stats plugin version 2.0 for WordPress is vulnerable to SQL injection through the 'author' parameter of the wp-stats.php script. This vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized access to the database or sensitive information. It underscores the importance of securing input fields to prevent injection attacks and highlights the need for regular updates to ensure web application security.

References

http://www.lesterchan.net/blogs/archives/2006/01/18/wp-st...

x_refsource_CONFIRM

http://osvdb.org/ref/22/22450-wpstats.txt

x_refsource_MISC

http://www.vupen.com/english/advisories/2006/0192

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 18, 2006
Vulnerability Reserved
Jan 18, 2006