CVE-2005-3844 Information

Description

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php and (3) the ctg parameter in an archive action.

Reference

http://forum.word-press.net/index.php?&showtopic=76&st=0&entry181 http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html http://secunia.com/advisories/17733 http://www.osvdb.org/21110 http://www.securityfocus.com/bid/15582 http://www.vupen.com/english/advisories/2005/2594