New WordPress exploit, version 2.0.6
To anyone who has `register_globals` turned on for PHP versions 4 through 4.4.3, < 5.1.4: update your WordPress; 2.0.7RC1 is available. The exploit takes advantage of code flaws in wp-trackback.php... again, allowing a SQL injection that discloses the admin hash.
Thanks dominik at the Basecamp for the heads up. I don't need to update this time though.. :p