
CVE Reference: CVE-2006-2667

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2667

Description: Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/26687
SAID Secunia Advisory: SA20608
SAID Secunia Advisory: SA20271
OSVDB 25777
MISC http://retrogod.altervista.org/wordpress_202_xpl.html
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435039/100/0/threaded
BID 18372