CVE-2009-4748 Information

Description

SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

Reference

http://packetstormsecurity.org/0907-exploits/wpmco-sql.txt http://www.exploit-db.com/exploits/9150 http://www.securityfocus.com/bid/35704 https://exchange.xforce.ibmcloud.com/vulnerabilities/51727