WordPress UnGallery Plugin "search" Arbitrary Command Execution Vulnerability

ID: IRCAD2012102265
Release Date: 2012-10-23
Criticality level: Highly critical
 
Software:
WordPress UnGallery Plugin 2.x
 
Description:
Charlie Eriksen has discovered a vulnerability in the UnGallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via the "search" parameter (e.g. to index.php when "gallerylink" is set) is not properly verified in wp-content/plugins/ungallery/search.php before being used in the "find" command. This can be exploited to execute arbitrary shell commands.
The vulnerability is confirmed in version 2.1.5. Other versions may also be affected.
 
Solution:
Update to version 2.1.6 or later.
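
The flaw class described above, request input reaching a "find" command line, is shown here next to a shell-free search. This is an added illustration, not UnGallery's code and not the 2.1.6 fix; the function names, the allow-list and the sample directory are assumptions.

```php
<?php
// Added illustration; not UnGallery's code. Function names and the
// sample gallery directory are hypothetical.

// Pattern the advisory describes: a request parameter concatenated into a
// shell command line, so the shell parses whatever the client sent.
function search_unsafe(string $root, string $term): string
{
    return (string) shell_exec("find $root -iname \"*$term*\"");
}

// Hardened form: allow-list the term, then search without any shell.
function search_safe(string $root, string $term): array
{
    // Letters, digits, space, dot, underscore, hyphen only; bounded length.
    if (!preg_match('/\A[A-Za-z0-9 ._-]{1,64}\z/', $term)) {
        return [];
    }
    $base = realpath($root);
    if ($base === false || !is_dir($base)) {
        return [];
    }
    $hits = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($base, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $file) {
        // Case-insensitive substring match on the file name, like -iname.
        if ($file->isFile() && stripos($file->getFilename(), $term) !== false) {
            $hits[] = $file->getPathname();
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree so the example runs offline.
$root = sys_get_temp_dir() . '/gallery_demo_' . getmypid();
mkdir("$root/2012", 0700, true);
touch("$root/2012/Beach-01.jpg");
touch("$root/2012/city.jpg");

var_dump(search_safe($root, 'beach'));     // plain term
var_dump(search_safe($root, 'beach; x'));  // term containing a shell metacharacter
```

Where an external command cannot be avoided, PHP's escapeshellarg() on each argument is the minimum; the allow-list check still belongs in front of it.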
 

Date created: 6 Aban 1391
