[wp-hackers] WordPress: Arbitrary command execution?

Ryan Duff ryan at ryanduff.net
Mon Jun 12 09:13:38 GMT 2006


Computer Guru wrote:
> Have you finished reading the entry?
> 
> 
> 
> --------------------------------------------------------------------------------
>      Package             /  Vulnerable  /                   Unaffected
> --------------------------------------------------------------------------------
>   1  www-apps/wordpress       < 2.0.3                         >= 2.0.3
> 
> 
> 
> As you can see, it has been fixed - later on in that page:
> 
> Resolution
> All WordPress users should upgrade to the latest available version.

Did you finish reading the entry? Not fixed... disabled by default. The 
problem could potentially exist if the user data cache is enabled again.

"Impact

An attacker could exploit this vulnerability to execute arbitrary 
commands by sending a specially crafted username. As of Wordpress 2.0.2 
the user data cache is disabled as the default."


-- 
Ryan Duff
http://ryanduff.net
AIM: ryancduff
irc.freenode.net #wordpress #plogger

