WordPress is_human() Plugin "type" Code Injection Vulnerability

ID: IRCAD2011051217
Release Date: 2011-05-18
Criticality level: Highly critical
Software:
WordPress is_human() Plugin 1.x
 
Description:
A vulnerability has been discovered in the is_human() plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "type" parameter in engine.php (when e.g. "action" is set to "log-reset") is not properly verified before being used in an "eval()" function and can be exploited to inject and execute arbitrary PHP code.
The vulnerability is confirmed in version 1.4.2. Other versions may also be affected.
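Because no fixed version is listed, reviewing web server logs for requests to engine.php with an unusual "type" value is a practical check. The following is an added example, not part of the original advisory or the plugin's code. The log lines are constructed, PLUGIN_DIR is a placeholder path, and the rule that a legitimate "type" is a short plain token is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate "type" value is a short plain token; anything else is flagged.
SAFE_TYPE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request field of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines; PLUGIN_DIR is a placeholder, not the real directory name.
SAMPLE_LOG = """\
198.51.100.7 - - [18/May/2011:10:01:02 +0000] "GET /wp-content/plugins/PLUGIN_DIR/engine.php?action=log-reset&type=example HTTP/1.1" 200 12
203.0.113.9 - - [18/May/2011:10:05:44 +0000] "GET /wp-content/plugins/PLUGIN_DIR/engine.php?action=log-reset&type=a%3Bb%28%29%3B HTTP/1.1" 200 431
203.0.113.9 - - [18/May/2011:10:05:50 +0000] "GET /index.php?type=a%3Bb HTTP/1.1" 200 9001
"""


def suspicious_requests(log_text):
    """Return (client_ip, decoded_type) for engine.php requests whose
    "type" parameter is not a plain token."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/engine.php"):
            continue
        # The advisory names "log-reset" only as one example action,
        # so every action is inspected. parse_qs percent-decodes once.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("type", []):
            if not SAFE_TYPE.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent suspicious type value: {value!r}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check.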
 
Solution:
Use a different product.
 
References:
Exploit-DB:
 
Secunia:
http://secunia.com/advisories/44627/

Creation date: 9 Ordibehesht 1391
