WordPress 代码注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. can be renamed to a PHP-terminated extension, allowing an authenticated "translator" user to inject PHP code into a PHP-terminated...

CVE-2003-1252

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using ...