WordPress Input Validation Flaw Lets Remote Users Inject SQL Commands and Execute Arbitrary PHP Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Forum/Board/Portal) > WordPress

Vendors: wordpress.org

WordPress Input Validation Flaw Lets Remote Users Inject SQL Commands and Execute Arbitrary PHP Code

SecurityTracker Alert ID: 1006937

SecurityTracker URL: http://securitytracker.com/id/1006937

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jun 6 2003

Impact: Execution of arbitrary code via network, User access via network

Exploit Included: Yes

Version(s): 0.7

Description: Several vulnerabilities were reported in WordPress. A remote user can execute arbitrary code on the target server. A remote user can also inject SQL commands to gain administrative privileges on the application.

FraMe (frame at kernelpanik.org) reported that a remote user can execute commands using the '/wp-links/links.all.php' script by specifying a remote location for the $$abspath variable. The PHP code located at the remote location will be executed on the target server with the privileges of the web server, according to the report.

It is also reported that a remote user can inject SQL commands via the $$posts variable in the '/blog.header.php' script. A remote user can obtain administrative privileges on the application. This vulnerability is present in the b2 cafelog software (WordPress is an add-on to b2).

Impact: A remote user can insert SQL commands to gain administrative privileges on the application.

A remote user can cause arbitrary PHP code, including operating system commands, to be executed on the target server with the privileges of the web server.

Solution: No solution was available at the time of this entry.

Vendor URL: wordpress.org/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Thu, 05 Jun 2003 18:19:17 -0400
Subject: WordPress 0.7 vulnerability


http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt

FraMe (frame at kernelpanik.org) reported a vulnerability in WordPress 0.7, and add-on to 
the b2 blog software.

It is reported that a remote user can execute commands using the '/wp-links/links.all.php' 
script by specifying a remote location for the $$abspath variable.  The PHP code located 
at the remote location will be executed on the target server with the privileges of the 
web server, according to the report.

It is also reported that a remote user can inject SQL commands via the $$posts variable in 
the '/blog.header.php' script.  A remote user can obtain administrative privileges on the 
application.

http://wordpress.org/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC