Lucene search
RootSSV:12148HistoryAug 28, 2009 - 12:00 a.m.
WordPress WP-Syntax插件远程PHP代码执行漏洞
2009-08-2800:00:00
Root
www.seebug.org
12
EPSS
0.02
Percentile
89.0%
BUGTRAQ ID: 36040
CVE(CAN) ID: CVE-2009-2852
WordPress是一款免费的论坛Blog系统。
WP-Syntax是wordpress使用的用于高亮显示代码的插件。该插件的wp-syntax/test/index.php模块没有正确地过滤对test_filter[]所传送的参数便在call_user_func_array()调用中使用:
function apply_filters($tag, $string)
{
global $test_filter;
if (!isset($test_filter[$tag])) return $string;
uksort($test_filter[$tag], "strnatcasecmp");
foreach ($test_filter[$tag] as $priority => $functions)
{
if (is_null($functions)) continue;
foreach($functions as $function)
{
$string = call_user_func_array($function, array($string));
}
}
return $string;
}
这允许远程攻击者通过提交恶意GET请求注入并执行PHP代码。成功攻击要求打开了register_globals。
WordPress WP-Syntax <= 0.9.1
厂商补丁:
WordPress
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://wordpress.org/development/2009/08/2-8-4-security-release/
http://sebug.net/exploit/12147/
Related
patchstack
patchstack
WordPress WP-Syntax Plugin <= 0.9.1 - Remote Command Execution
2009-08-27 00:00:00
WordPress Zedity Plugin <= 2.4.0 - Cross Site Scripting
2014-08-01 00:00:00
exploitdb
exploitdb
WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution
2009-08-27 00:00:00
nvd
nvd
CVE-2009-2852
2009-08-18 21:00:00
nessus
nessus
WP-Syntax Plugin for WordPress 'apply_filters' function Command Execution
2009-08-14 00:00:00
wpvulndb
wpvulndb
WP-Syntax < 0.9.10 - Remote Comm& Execution
2014-08-01 00:00:00
cve
cve
CVE-2009-2852
2009-08-18 21:00:00
prion
prion
Code injection
2009-08-18 21:00:00
cvelist
cvelist
CVE-2009-2852
2009-08-18 20:41:00