[VIM] Recipe theme SQL injection unlikely

Steven M. Christey coley at mitre.org
Wed Feb 20 21:54:14 UTC 2008

Researcher: S at BUN

Ref: Wordpress Plugin (wp-content/recipe) SQL Injection

BID thinks this is from:


However, wordspew-rss.php doesn't exist in that distribution, and this
was probably a cut-and-paste error from CVE-2008-0682, which was about
Wordspew (and confirmed by the vendor by the way, see

In addition, the Google-dork points to live sites that use programs
such as viewRecipe.php, which isn't in the TemplatePanic theme.  Also,
the TemplatePanic theme doesn't seem to use SQL, at least not

So, if there's an SQL injection in some recipe module somewhere, we
don't know what module or program it is.

- Steve
