Lucene search
HistoryAug 18, 2009 - 9:00 p.m.
CVE-2009-2852
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.02
Percentile
89.0%
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
Affected configurations
Node
ryan.mcgearywp-syntaxRangeβ€0.9.1
wordpresswordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ryan.mcgeary | wp-syntax | * | cpe:2.3:a:ryan.mcgeary:wp-syntax:*:*:*:*:*:*:*:* |
| wordpress | wordpress | * | cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* |
Related
seebug
seebug
WordPress WP-Syntaxζδ»ΆθΏη¨PHP代η ζ§θ‘ζΌζ΄
2009-08-28 00:00:00
patchstack
patchstack
WordPress WP-Syntax Plugin <= 0.9.1 - Remote Command Execution
2009-08-27 00:00:00
WordPress Zedity Plugin <= 2.4.0 - Cross Site Scripting
2014-08-01 00:00:00
exploitdb
exploitdb
WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution
2009-08-27 00:00:00
nessus
nessus
WP-Syntax Plugin for WordPress 'apply_filters' function Command Execution
2009-08-14 00:00:00
wpvulndb
wpvulndb
WP-Syntax < 0.9.10 - Remote Comm& Execution
2014-08-01 00:00:00
cve
cve
CVE-2009-2852
2009-08-18 21:00:00
prion
prion
Code injection
2009-08-18 21:00:00
cvelist
cvelist
CVE-2009-2852
2009-08-18 20:41:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.02
Percentile
89.0%
Related for NVD:CVE-2009-2852