WordPress Cookie cache_lastpostdate Variable Arbitrary PHP Code Execution
Vulnerability Description
WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied in the cache_lastpostdate cookie. This may allow an attacker to include PHP code that contains arbitrary commands which will be executed by the vulnerable script.
Solution Description
Upgrade to version 1.5.1.4 or higher, as it has been reported to fix this vulnerability. It is also possible to protect from the flaw by implementing the following workaround: set the register_globals PHP option to ’off’.
Products affected:
Matt Mullenweg Word Press 1.5.1
Matt Mullenweg Word Press 1.5.1.2
Matt Mullenweg Word Press 1.5.1.3
Matt Mullenweg Word Press 1.5
Vulnerability classification:
Remote vulnerability
Input manipulation attack
Impact on integrity
Exploit available
Verified
External references:
Vendor URL: http://wordpress.org/
Secunia Advisory ID: 16386
Generic Exploit URL: http://www.securiteam.com/unixfocus/5BP0G00GLK.html
Bugtraq ID: http://www.securityfocus.com/bid/14533
Nessus Script ID: 19414
Security Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=112361397032495&w=2
Start discussion »
Skriv ett svar