Description
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (3.2.10)
WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.0)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3273)
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.353)
Internet Information Services Other Vulnerability (CVE-2001-0333)