WordPress "cache_lastpostdate" PHP Code Insertion - Website Hosting - VPS Hosting - Domain Registration Ireland

#1 (permalink)

12-08-05, 09:34 AM

niall

Junior Member

Join Date: May 2004

Posts: 18

WordPress "cache_lastpostdate" PHP Code Insertion

A vulnerability has been discovered in wordpress, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "cache_lastpostdate" parameter via cookies is not properly sanitised before being used. This can be exploited to inject arbitrary PHP script code.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability has been confirmed in version 1.5.1.3. Other versions may also be affected.

« Gallery PostNuke Integration Security Issue | Drupal XML-RPC PHP Code Execution Vulnerability »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution	niall	Security Notices	0	17-08-05 11:41 AM
phpAdsNew XML-RPC PHP Code Execution Vulnerability	niall	Security Notices	0	01-07-05 10:05 AM
Drupal PHP Code Execution Vulnerabilities	niall	Security Notices	0	30-06-05 11:00 AM
Serendipity XML-RPC Unspecified PHP Code Execution Vuln.	niall	Security Notices	0	30-06-05 10:57 AM
PostNuke XML-RPC Library PHP Code Execution Vulnerability	niall	Security Notices	0	30-06-05 10:53 AM

All times are GMT. The time now is 07:35 PM.