[Original text] SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the article comment function not properly sanitizing user-supplied input in the HTTP User-Agent header. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Upgrade to version 2.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
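
The flaw class described above, shown as an added example in Python with sqlite3 (this is not WordPress code): a comment handler that splices the User-Agent header into the SQL text, next to one that binds it as a parameter. The table layout, function names and the header value are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema: a comment row that also records the client's User-Agent.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, content TEXT, agent TEXT)")
    return db

def store_comment_concat(db, author, content, headers):
    # Flawed pattern: the header is client-controlled, yet it becomes part of
    # the SQL text, so a quote character in it changes the statement itself.
    agent = headers.get("User-Agent", "")
    sql = ("INSERT INTO comments (author, content, agent) "
           "VALUES ('%s', '%s', '%s')" % (author, content, agent))
    db.execute(sql)

def store_comment_bound(db, author, content, headers):
    # Corrected pattern: every request-derived value is a bound parameter,
    # so the database only ever treats it as data. The length cap is an
    # assumed column limit, not a substitute for binding.
    agent = headers.get("User-Agent", "")[:255]
    db.execute(
        "INSERT INTO comments (author, content, agent) VALUES (?, ?, ?)",
        (author, content, agent),
    )

def demo():
    # Constructed header: a harmless apostrophe is enough to show that the
    # concatenated statement is parsed differently from what was intended.
    headers = {"User-Agent": "Mozilla/5.0 (compatible; O'Neil Reader 1.0)"}
    db = make_db()
    try:
        store_comment_concat(db, "alice", "nice post", headers)
        concat_ok = True
    except sqlite3.Error:
        concat_ok = False  # statement no longer parses as written
    store_comment_bound(db, "alice", "nice post", headers)
    rows = db.execute("SELECT agent FROM comments").fetchall()
    return concat_ok, rows, headers["User-Agent"]

if __name__ == "__main__":
    ok, rows, sent = demo()
    print("concatenated insert succeeded:", ok)
    print("stored verbatim by bound insert:", rows == [(sent,)])
```

Request headers such as User-Agent reach the application exactly like form fields, so any audit for this class of bug should cover them as well as the visible comment fields.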