this post was submitted on 04 Apr 2024
73 points (98.7% liked)

Cybersecurity

5410 readers
203 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
73
Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection (www.darkreading.com)
submitted 5 months ago by Lanky_Pomegranate530@midwest.social to c/cybersecurity@sh.itjust.works
9 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] higgsboson@dubvee.org 22 points 5 months ago (1 children)

The vulnerability is due to "insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query," according to Wordfence.

"This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database," the company said.

Ohh yes, little Bobby Tables.

[–] folkrav@lemmy.ca 13 points 5 months ago (1 children)

What a convoluted way they chose to say “we didn’t use a prepared statement” lol

[–] Limeey@lemmy.world 5 points 5 months ago* (last edited 5 months ago)

Wordfence is a security and vulnerability monitor for Wordpress. The flaw is in the plugin “layerslider”