[wp-hackers] [daniel.leidert.spam@gmx.net: Debian Wordpress package exploitable by GeSHi local PHP file inclusion?]

Robert Deaton false.hopes at gmail.com
Fri Sep 30 02:55:25 GMT 2005


This looks like a problem with Geshi, which is apparently a mod for
WordPress that adds some sort of syntax highlighting, and is unrelated
to WordPress itself since Geshi is vunerable on multiple platforms.

On 9/29/05, Kai Hendry <hendry at iki.fi> wrote:
> Is this a Wordpress security issue?
>
> I grepped around for geshi and didn't find anything.
>
> ----- Forwarded message from Daniel Leidert <daniel.leidert.spam at gmx.net> -----
>
> From: Daniel Leidert <daniel.leidert.spam at gmx.net>
> To: Kai Hendry <hendry at iki.fi>
> Subject: Debian Wordpress package exploitable by GeSHi local PHP file
>         inclusion?
> Date: Thu, 29 Sep 2005 14:20:48 +0200
>
> Hello,
>
> I've found the following security issue report today:
> http://securityreason.com/achievement_securityalert/23 (reported at
> http://www.heise.de/security/news/meldung/64410)
>
> Is wordpress affected by this issue? I wanted to ask first, before I
> maybe write an unfounded bug report.
>
> Regards, Daniel
>
>
> ----- End forwarded message -----
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


--
--Robert Deaton
http://somethingunpredictable.com


More information about the wp-hackers mailing list