I ran an OWASP scan on our WordPress server and it seems to have picked up an issue with the file fields. I had a look through the code and it seems to sanitise the filename with wp_unique_filename. Any idea why it's saying that it fails?
High (Medium) SQL Injection
Description
SQL injection may be possible.
URL <removed>
Method POST
Parameter file-academictranscript
Attack test_file.txt AND 1=1 --