Aug 13
WordPress Vulnerability
Posted by Slobokan @ 14:30 · 75 words · print
A command execution vulnerability has been found in WordPress's handling of incoming cookie information which allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On.
Already a perl and php exploit is available. It affects WordPress version 1.5.1.3 and before when register_globals is set to On. The information has been provided by Kartoffelguru.
WordPress developers are working on a fix.
[Source: Simple Thoughts]
Sphere: Related ContentPosted In: Programming
Comments are closed.