Comment Rating Plugin for WordPress 'id' Parameter SQL Injection Vulnerability - Input Validation Error
Comment Rating Plugin for WordPress 'id' Parameter SQL Injection Vulnerability
Recently when we run a symantec server scan on our server, we got a warning like "Comment Rating Plugin for WordPress 'id' Parameter SQL Injection Vulnerability" and it was listed under "Insufficient User Input Validation" class.
Comment Rating Plugin ( Bob King Comment Rating 2.9.23 ) for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ck-processkarma.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Vulnerable version of plugin : Bob King Comment Rating 2.9.23 ( http://wealthynetizen.com ). other versions may also be affected.
Bug Type : Input Validation Error ( Insufficient User Input Validation )
How this works?
Wordpress Comment Rating plugin version 2.9.23 is prone to SQL injection vulnerability. Attackers can use a browser to exploit this issue. The flaws are caused by improper validation of user-supplied input via the 'id' parameter to '/wp-content/plugins/comment-rating/ck-processkarma.php',which allows attackers to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information.
The following example attack URI is available:
http://WWW.YOUR_WEBSITE.COM/wp-content/plugins/comment-rating/ck-processkarma.php?path=1&action=1&id=1%20and%201=2%20--%20
This bug is reported on BugTraq http://www.securityfocus.com/bid/46482/info
How to fix?
Updates are available. Upgrade to version 2.9.24 or higher, as it has been reported to fix this vulnerability.
Download and install the latest plugin from http://wealthynetizen.com/wordpress-plugin-comment-rating/
Or Update with the latest Rating Wordpress plugin at http://wordpress.org/extend/plugins/comment-rating
Recently when we run a symantec server scan on our server, we got a warning like "Comment Rating Plugin for WordPress 'id' Parameter SQL Injection Vulnerability" and it was listed under "Insufficient User Input Validation" class.Comment Rating Plugin ( Bob King Comment Rating 2.9.23 ) for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ck-processkarma.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Vulnerable version of plugin : Bob King Comment Rating 2.9.23 ( http://wealthynetizen.com ). other versions may also be affected.
Bug Type : Input Validation Error ( Insufficient User Input Validation )
How this works?
Wordpress Comment Rating plugin version 2.9.23 is prone to SQL injection vulnerability. Attackers can use a browser to exploit this issue. The flaws are caused by improper validation of user-supplied input via the 'id' parameter to '/wp-content/plugins/comment-rating/ck-processkarma.php',which allows attackers to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation will allow attacker to perform SQL Injection attack and gain sensitive information.
The following example attack URI is available:
http://WWW.YOUR_WEBSITE.COM/wp-content/plugins/comment-rating/ck-processkarma.php?path=1&action=1&id=1%20and%201=2%20--%20
This bug is reported on BugTraq http://www.securityfocus.com/bid/46482/info
How to fix?
Updates are available. Upgrade to version 2.9.24 or higher, as it has been reported to fix this vulnerability.
Download and install the latest plugin from http://wealthynetizen.com/wordpress-plugin-comment-rating/
Or Update with the latest Rating Wordpress plugin at http://wordpress.org/extend/plugins/comment-rating
