PATCHSTACK:D4E29B952A07FF66D59F7859CFD6F7B8
History: Aug 27, 2009 - 12:00 a.m.

WordPress WP-Syntax Plugin <= 0.9.1 - Remote Command Execution

2009-08-27 00:00:00
Raz0r
patchstack.com
6

EPSS: 0.02
Percentile: 89.0%

WP-Syntax is the most popular WordPress plugin for clean syntax highlighting of source code embedded in pages or posts. It uses the GeShi library, which implements the actual highlighting: it turns source code in each supported language into marked-up HTML.
The vulnerability is that a script shipped with the plugin runs outside the WordPress context, i.e. it can be requested directly without WordPress being loaded and without any of its access controls applying. That script passes request-controlled data to call_user_func_array(), which lets an attacker execute arbitrary code; several valid sequences of function calls reachable this way are enough to run any code on the server.
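The following is an added example, not WP-Syntax's or GeShi's own code. It models the pattern the advisory describes, a directly reachable script that forwards request data to call_user_func_array(), beside a hardened version of the same dispatcher. The parameter names cb and args, the handler names, and the use of the ABSPATH constant as the "loaded through WordPress" check are assumptions for illustration; the requests at the bottom are constructed.

```php
<?php
// Added example, not WP-Syntax code. Models the advisory's pattern: a helper
// script reachable outside WordPress that hands request data to
// call_user_func_array(). Parameter names "cb" and "args" are invented.

// --- Vulnerable pattern ---------------------------------------------------
function vulnerable_dispatch(array $request)
{
    // The request controls both the callable name and its argument list, so
    // a query such as ?cb=system&args[]=id runs a shell command. Any PHP
    // function is reachable, and chaining calls (write a file, then include
    // it) needs no further weakness.
    $callback = $request['cb'] ?? '';
    $args     = $request['args'] ?? [];
    return call_user_func_array($callback, (array) $args);
}

// --- Hardened pattern -----------------------------------------------------
// 1. Refuse to run unless loaded through WordPress (wp-load.php defines ABSPATH).
// 2. Resolve the callable from an explicit allow-list, never from the request.
// 3. Validate argument shape and types before forwarding them.
const ALLOWED_CALLBACKS = [
    'highlight' => 'demo_highlight',   // hypothetical action -> handler mapping
];

// Minimal stand-in for a highlighter: it only escapes, so the output is safe HTML.
function demo_highlight(string $code, string $lang): string
{
    return '<pre class="' . htmlspecialchars($lang, ENT_QUOTES) . '">'
        . htmlspecialchars($code, ENT_QUOTES) . '</pre>';
}

function hardened_dispatch(array $request): string
{
    if (!defined('ABSPATH')) {
        http_response_code(403);
        return 'direct access not permitted';
    }
    $action = $request['cb'] ?? '';
    // is_string() first: ?cb[]=x would otherwise reach array_key_exists() with an array key.
    if (!is_string($action) || !array_key_exists($action, ALLOWED_CALLBACKS)) {
        http_response_code(400);
        return 'unknown action';
    }
    $args = $request['args'] ?? [];
    if (!is_array($args) || count($args) !== 2
        || !is_string($args[0] ?? null) || !is_string($args[1] ?? null)) {
        http_response_code(400);
        return 'bad arguments';
    }
    // The callable comes from our own table; the request only selects a key.
    return call_user_func_array(ALLOWED_CALLBACKS[$action], [$args[0], $args[1]]);
}

// Constructed requests for a stand-alone run (php this_file.php).
$req = ['cb' => 'highlight', 'args' => ['<?php echo 1; ?>', 'php']];
echo hardened_dispatch($req), PHP_EOL;                                  // rejected: ABSPATH not defined
define('ABSPATH', __DIR__ . '/');                                       // simulate being loaded by WordPress
echo hardened_dispatch($req), PHP_EOL;                                  // escaped <pre> block
echo hardened_dispatch(['cb' => 'system', 'args' => ['id']]), PHP_EOL;  // rejected: not in the allow-list
```

In a real plugin the hardened dispatcher would additionally sit behind a capability check and a nonce, and the simplest fix for test or demo scripts is not to ship them inside the web-accessible plugin directory at all.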

Solution

Update the plugin to a version newer than 0.9.1. If updating is not immediately possible, block direct web access to the plugin's standalone script, since it is exploitable without going through WordPress.

