Full title: Transposh WordPress Translation 1.0.8.1 SQL Injection Vulnerability 
Category: web applications
Platform: php
Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.

# 0day.today @ http://0day.today/