VID | 21996
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
WordPress is vulnerable to remote command execution via backdoor files. WordPress is a freely available PHP-based publishing program that uses a MySQL backend database. WordPress version 2.1.1 could allow a remote attacker to execute arbitrary commands via an eval injection vulnerability in the ix parameter of the wp-includes/feed.php script and an untrusted passthru call in the iz parameter of the wp-includes/theme.php script. A remote attacker could exploit this vulnerability to execute arbitrary PHP code or malicious shell commands on the system with the privileges of the Web server. The backdoor code was reportedly added to the application by an attacker who compromised the vendor's server.
* References:
  http://wordpress.org/development/2007/03/upgrade-212/
  http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
  http://www.securityfocus.com/archive/1/461794/30/0/threaded
  http://www.frsirt.com/english/advisories/2007/0812
  http://secunia.com/advisories/24374/
  http://www.kb.cert.org/vuls/id/214480
  http://www.kb.cert.org/vuls/id/641456
* Platforms Affected: Matthew Mullenweg WordPress 2.1.1; Any operating system; Any version
Recommendation | Upgrade to the latest version of WordPress (2.1.2 or later), available from the WordPress Download Web site at http://wordpress.org/download/
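As an added defender-side example that is not part of this record, the Python script below flags Web server access-log requests that hit the two backdoor vectors named in the description (ix on wp-includes/feed.php, iz on wp-includes/theme.php) and checks whether an installed $wp_version (from wp-includes/version.php) is older than the fixed 2.1.2 named in the recommendation. The log lines and parameter values are constructed, and the Apache common log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Backdoor vectors named in the advisory: script path -> parameter it reads.
BACKDOOR_VECTORS = {
    "wp-includes/feed.php": "ix",   # eval injection
    "wp-includes/theme.php": "iz",  # untrusted passthru call
}

# Constructed sample access-log lines (not real traffic); parameter values are dummies.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Mar/2007:10:01:22 +0000] "GET /wp-includes/feed.php?ix=DUMMY HTTP/1.1" 200 512
203.0.113.7 - - [05/Mar/2007:10:02:05 +0000] "GET /blog/wp-includes/theme.php?iz=DUMMY HTTP/1.1" 200 87
198.51.100.4 - - [05/Mar/2007:10:03:41 +0000] "GET /feed/?ix=1 HTTP/1.1" 200 4096
198.51.100.4 - - [05/Mar/2007:10:04:10 +0000] "GET /wp-includes/theme.php HTTP/1.1" 404 0
"""

# Client IP and the request line of a common-log-format entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def find_backdoor_requests(log_text):
    """Return (client_ip, script, param) for every request that hits a backdoor vector."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        params = parse_qs(parts.query, keep_blank_values=True)
        for script, param in BACKDOOR_VECTORS.items():
            # Match the script wherever WordPress lives under the document root.
            if parts.path.endswith("/" + script) and param in params:
                hits.append((m.group("ip"), script, param))
    return hits


def needs_upgrade(wp_version):
    """True when the version string is older than the fixed release 2.1.2."""
    nums = tuple(int(x) for x in re.findall(r"\d+", wp_version)[:3])
    return nums < (2, 1, 2)


if __name__ == "__main__":
    for ip, script, param in find_backdoor_requests(SAMPLE_LOG):
        print(f"{ip} requested {script} with {param}= (backdoor vector)")
    print("upgrade needed for 2.1.1:", needs_upgrade("2.1.1"))
```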
Related URL | CVE-2007-1277 (CVE)
Related URL | 22797 (SecurityFocus)
Related URL | 32804,32807 (ISS)