Описание
WordPress 0.7 allows remote execution of commands. / Wp-links / links.all.php. An attacker can inject a url in $ abspath and get remote execution of commands with the privileges of the server web (usually nobody).
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | not-affected | 2.3.3-1ubuntu1 |
| lucid | not-affected | |
| natty | not-affected | |
| oneiric | not-affected | |
| precise | not-affected | |
| upstream | released | 0.7 |
Показывать по
10
EPSS
Процентиль: 75%
0.00913
Низкий
7.5 High
CVSS2
Связанные уязвимости
nvd
почти 11 лет назад
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
github
больше 3 лет назад
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
EPSS
Процентиль: 75%
0.00913
Низкий
7.5 High
CVSS2