[wp-hackers] WordPress: Arbitrary command execution?
Ryan Duff
ryan at ryanduff.net
Mon Jun 12 09:13:38 GMT 2006
Computer Guru wrote:
> Have you finished reading the entry?
>
>
> --------------------------------------------------------------------------------
> Package / Vulnerable / Unaffected
> --------------------------------------------------------------------------------
> 1 www-apps/wordpress < 2.0.3 >= 2.0.3
>
> As you can see, it has been fixed - later on in that page:
>
> Resolution
> All WordPress users should upgrade to the latest available version.

Did you finish reading the entry? Not fixed... disabled by default. The
problem could potentially exist if the user data cache is enabled again.

"Impact
An attacker could exploit this vulnerability to execute arbitrary
commands by sending a specially crafted username. As of Wordpress 2.0.2
the user data cache is disabled as the default."

--
Ryan Duff
http://ryanduff.net
AIM: ryancduff
irc.freenode.net #wordpress #plogger