[wp-hackers] Security Vulnerability found - Forum Post

Graeme Lennon graeme at samurai.com
Thu Apr 14 00:50:57 GMT 2005

I think people are getting defensive and dismissing this out of hand.
It's not critical, but neither is it nothing at all.

If I get access to the file editor, I get to execute completely
arbitrary PHP code on your server. Which means I can easily compromise
the Apache user on your server, which may mean all sorts of unpleasant


Matthew Mullenweg wrote:
> denis at semiologic.com wrote:
>> - fetch config.php through the file editor
> Incidentally, we don't allow this.

More information about the wp-hackers mailing list