SoylentNews is people

posted by on Sunday March 05 2017, @03:07PM
from the better-than-dropping-tables dept.

If you use NextGEN Gallery, now would be a good time to update.

More than 1 million websites running the WordPress content management system may be vulnerable to hacks that allow visitors to snatch password data and secret keys out of databases, at least under certain conditions.

The vulnerability stems from a "severe" SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server's backend database.

"This is quite a critical issue," Slavco Mihajloski, a researcher with Web security firm Sucuri, wrote in a blog post published Monday. "If you're using a vulnerable version of this plugin, update as soon as possible."

To exploit the vulnerability, attackers would have to create a feature found in the PHP programming language known as the $container_ids string. Untrusted visitors could achieve this against sites that use the NextGEN Basic TagCloud gallery feature by making slight modifications to the gallery URL.

"With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare's behavior to add attacker controlled code to the executed query," Monday's blog post explained.

Source:
https://arstechnica.com/security/2017/02/severe-vulnerability-in-wordpress-plugin-could-affect-1-million-sites/
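To make the $wpdb->prepare point concrete, here is an added PHP illustration of the bug class (not NextGEN Gallery's own code): a request value spliced into prepare()'s format string, beside the corrected form. It assumes a WordPress environment where $wpdb exists; the table name and function names are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Assumes WordPress's $wpdb.
// Table name "{$wpdb->prefix}gallery_pictures" is hypothetical.

// VULNERABLE PATTERN: the untrusted value is interpolated into the FIRST
// argument of $wpdb->prepare(). That argument is a sprintf()-style
// template: prepare() escapes only the extra arguments, then runs the
// template through vsprintf(). Any %-directives that arrive inside
// $container_ids are therefore interpreted as directives, not data, which
// is exactly the behaviour the article describes.
function get_pictures_vulnerable( wpdb $wpdb, string $container_ids ): array {
    // $container_ids is taken straight from the tag-cloud URL.
    $sql = "SELECT * FROM {$wpdb->prefix}gallery_pictures "
         . "WHERE galleryid IN ({$container_ids}) AND exclude = %d";
    return $wpdb->get_results( $wpdb->prepare( $sql, 0 ) );
}

// CORRECTED PATTERN: nothing from the request reaches the template. The
// IN() list is normalised to integers and bound through one %d placeholder
// per element, so the format string is entirely developer-controlled and
// every value is passed as a parameter.
function get_pictures_fixed( wpdb $wpdb, string $container_ids ): array {
    $ids = array_map( 'intval', array_filter( explode( ',', $container_ids ), 'strlen' ) );
    if ( empty( $ids ) ) {
        return array();
    }
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = "SELECT * FROM {$wpdb->prefix}gallery_pictures "
         . "WHERE galleryid IN ({$placeholders}) AND exclude = %d";
    $args = array_merge( $ids, array( 0 ) );
    return $wpdb->get_results( $wpdb->prepare( $sql, ...$args ) );
}
```

The review check that catches this class: any variable interpolated or concatenated into the first argument of $wpdb->prepare() is a finding, regardless of how the variable was sanitised upstream.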



This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Sunday March 05 2017, @03:32PM

    by Anonymous Coward on Sunday March 05 2017, @03:32PM (#475278)

    [...] attackers would have to create a feature found in the PHP programming language [...]

    So an attacker would have to add a feature to PHP? Who would've thunk!

  • (Score: 2) by bradley13 on Sunday March 05 2017, @09:29PM

    by bradley13 (3053) Subscriber Badge on Sunday March 05 2017, @09:29PM (#475377) Homepage Journal

    SQL injection. Programmer Kindergarten. 'nuf said.

    --
    Everyone is somebody else's weirdo.
  • (Score: 2) by bob_super on Sunday March 05 2017, @09:43PM (2 children)

    by bob_super (1357) on Sunday March 05 2017, @09:43PM (#475380)

    > exploit the weakness to pipe powerful commands

    Most of TFS seems written for people who know this stuff...
    Is "powerful commands" an actual specific technical term I missed?

    • (Score: 2) by edIII on Monday March 06 2017, @04:45PM (1 child)

      by edIII (791) on Monday March 06 2017, @04:45PM (#475683)

      Don't think so. I think they just mean that SQL language can be powerful. Duh, yeah, it's responsible for working with the data, so it's "powerful".

      select * from bob_super_dark_secrets;

      In this case the select is that power command I guess. Or delete. Delete could fuck up your day plenty.

      --
      Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 1) by ncc74656 on Monday March 06 2017, @07:07PM

        by ncc74656 (4917) on Monday March 06 2017, @07:07PM (#475749) Homepage

        Or delete. Delete could fuck up your day plenty.

        Bobby Tables knows a thing about that: https://xkcd.com/327/ [xkcd.com], which the authors of this so-called "NextGen Gallery" obviously don't have on their walls.

  • (Score: 0) by Anonymous Coward on Monday March 06 2017, @02:39AM (1 child)

    by Anonymous Coward on Monday March 06 2017, @02:39AM (#475465)

    This pile of junk apparently has a critical flaw in it every week.

    • (Score: 0) by Anonymous Coward on Monday March 06 2017, @04:05AM

      by Anonymous Coward on Monday March 06 2017, @04:05AM (#475484)

      php - maybe, wordpress - for sure, what else did you expect? ;-)
