CVE-2006-2667

by Fred · 30/05/2006

Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.

Date published : 2006-05-30

http://www.securityfocus.com/bid/18372

http://www.securityfocus.com/archive/1/435039/100/0/threaded

CVE-2006-2667

Similar

Recent Posts

Categories

CVE-2006-2667

Share this:

Similar

Recent Posts

Categories

Tags