Description
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
References
- https://nvd.nist.gov/vuln/detail/CVE-2006-2667
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26687
- http://retrogod.altervista.org/wordpress_202_xpl.html
- http://secunia.com/advisories/20271
- http://secunia.com/advisories/20608
- http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml
- http://www.osvdb.org/25777
- http://www.securityfocus.com/archive/1/435039/100/0/threaded
- http://www.securityfocus.com/bid/18372
- http://www.vupen.com/english/advisories/2006/1992