Secunia Security Advisory - Sandor Attila Gerendi has discovered a vulnerability in WordPress, which can potentially be exploited by malicious users to compromise a vulnerable system.
c756bcd1e7995a49445252e8750806b1----------------------------------------------------------------------
Secunia Network Software Inspector 2.0 (NSI) - Public Beta
4 days left of beta period.
The 1st generation of the Secunia Network Software Inspector (NSI)
has been available for corporate users for almost 1 year and its been
a tremendous success.
The 2nd generation Secunia NSI is built on the same technology as the
award winning Secunia PSI, which has already been downloaded and
installed on more than 400,000 computers world wide.
Learn more / Download (instant access):
http://secunia.com/network_software_inspector_2/
----------------------------------------------------------------------
TITLE:
WordPress "cat" Directory Traversal Vulnerability
SECUNIA ADVISORY ID:
SA29949
VERIFY ADVISORY:
http://secunia.com/advisories/29949/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
WordPress 2.x
http://secunia.com/product/6745/
DESCRIPTION:
Sandor Attila Gerendi has discovered a vulnerability in WordPress,
which can potentially be exploited by malicious users to compromise a
vulnerable system.
Input passed via the "cat" parameter to index.php is not properly
sanitised in the "get_category_template()" function in
wp-includes/theme.php before being used to include files in
template-loader.php. This can be exploited to include arbitrary PHP
files from local resources via directory traversal attacks.
Successful exploitation allows execution of arbitrary PHP code, but
requires privileges to store PHP files on an affected system and that
WordPress is installed on a Windows platform.
The vulnerability is confirmed in version 2.3.3.
SOLUTION:
Fixed in the SVN repository.
http://trac.wordpress.org/changeset/7586
PROVIDED AND/OR DISCOVERED BY:
Sandor Attila Gerendi
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!