AbiusX
AbiusX
Aug 29, 2017 · 1 min read

I reported the same vulnerability exactly a year ago. It was discovered using my PHP Analyzer (based on PHP Emulator), and was reported to the WP team. They merely dismissed it.

Joomla has the exact same problem in its SQL preparation, and that report is already available on Github. That one was reported 18 months ago, and dismissed as well.

)
    AbiusX

    Written by

    AbiusX

    #infosec #security #expert / #OWASP Iran Chapter Leader / #phpowasp PHP Security #phprbac #rbac #cmu #uva