security issue sql injection on last version?

  • Resolved dotbusiness

    (@dotbusiness)


    1 year ago

    On an updated website I found some errors like the following one on php logs.

    [07-Mar-2024 00:45:31 UTC] WordPress database error Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_unicode_520_ci,COERCIBLE) for operation ‘like’ for query
    SELECT SQL_CALC_FOUND_ROWS wp_posts.ID
    FROM wp_posts
    WHERE 1=1 AND (((wp_posts.post_title LIKE ‘%100\\% Pass Quiz SASInstitute – A00-470 Accurate Exam Lab Questions ?? Easily obtain free download of ? A00-470 ? by searching on 《 https://www.pdfvce.com 》 ??New A00-470 Dumps Sheet%’) OR (wp_posts.post_excerpt LIKE ‘%100\\% Pass Quiz SASInstitute – A00-470 Accurate Exam Lab Questions ?? Easily obtain free download of ? A00-470 ? by searching on 《 https://www.pdfvce.com 》 ??New A00-470 Dumps Sheet%’) OR (wp_posts.post_content LIKE ‘%100\\% Pass Quiz SASInstitute – A00-470 Accurate Exam Lab Questions ?? Easily obtain free download of ? A00-470 ? by searching on 《 https://www.pdfvce.com 》 ??New A00-470 Dumps Sheet%’))) AND (wp_posts.post_password = ”) AND ((wp_posts.post_type = ‘post’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)) OR (wp_posts.post_type = ‘page’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)) OR (wp_posts.post_type = ‘attachment’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)) OR (wp_posts.post_type = ‘project’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)) OR (wp_posts.post_type = ‘product’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)) OR (wp_posts.post_type = ‘announcement’ AND (wp_posts.post_status = ‘publish’ OR wp_posts.post_status = ‘wc-pd-pending-status’)))

    ORDER BY (CASE WHEN wp_posts.post_title LIKE ‘%100\\% Pass Quiz SASInstitute – A00-470 Accurate Exam Lab Questions ?? Easily obtain free download of ? A00-470 ? by searching on 《 https://www.pdfvce.com 》 ??New A00-470 Dumps Sheet%’ THEN 2 ELSE 6 END), wp_posts.post_date DESC
    LIMIT 0, 5
    made by require(‘wp-blog-header.php’), wp, WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts, W3TC\DbCache_WpdbNew->query, W3TC\DbCache_WpdbInjection_QueryCaching->query, W3TC\_CallUnderlying->query, W3TC\DbCache_WpdbNew->query, W3TC\DbCache_WpdbInjection->query, W3TC\DbCache_WpdbNew->default_query

    It seems to start from W3TC cache and from there starts an SQL query which can be a SQL injection.

    Thanks

Viewing 1 replies (of 1 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    Hello

    The problem is that all tables do not use compatible collations. As WordPress is not very strict with collations, your own WordPress website might also use different collations on different tables.
    To eliminate this error, we have to convert all tables to use compatible collations. It’s usually best to use only one collation for all of them.?With WordPress 4.2.0?the collation?utf8mb4?became the new standard. All database tables created after this update will be created with one of these collation variants.

    I would advise checking this with your hosting provider or trying this plugin that also fixes this issue by changing the collation of all columns in your database to use the same algorithm, removing the “mix” of collations.

    I hope this helps!

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘security issue sql injection on last version?’ is closed to new replies.