Sandor Attila Gerendi found a vulnerability within WordPress 2.3.3, which under certain circumstances allows an attacker to run arbitrary PHP code on WordPress 2.3.3.
Input passed via the “cat” parameter to index.php is not properly sanitised in the “get_category_template()” function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks.
According to the advisory, successful exploitation allows execution of arbitrary PHP code, but requires privileges to store PHP files on an affected system and that WordPress is installed on a Windows platform.
The vulnerability is confirmed in version 2.3.3.
Solution:
Update to version 2.5.1.
If you wish to patch your 2.3.3 install, please see the WordPress Trac.
Comments
[...] BlogSecurity rapporte une vulnérabilité dans la version 2.3.3 de Wordpress. Vulnérabilité découverte par Sandor Attila Gerendi, elle permet l’exécution de code (PHP) arbitraire. Elle serait mitigée par la nécessité du serveur de tourner sous Windows. Cette vulnérabilité n’est pas présente dans la version 2.5.1 de Wordpress. [...]
[...] Siehe dazu: WordPress 2.3.3 Directory Traversal Vulnerability [...]
[...] en: Blogsecurity.net Etiquetas: actualización, parches, seguridad, [...]
[...] fast forward couple month and we have a nice exploit that gives attackers pretty much full control over your WordPress 2.3.3 blog. And since that [...]
-
Search site:
-
-
Sponsors
Additional WP Resources
