|
|
Family: CGI abuses --> Category: attack
WordPress cache_lastpostdate Parameter PHP Code Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for cache_lastpostdate parameter PHP code injection vulnerability in WordPress
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is prone to PHP code
injection.
Description :
The installed version of WordPress on the remote host will accept and
execute arbitrary PHP code passed to the 'cache_lastpostdate'
parameter via cookies provided PHP's 'register_globals' setting is
enabled.
See also :
http://www.nessus.org/u?2c5481e5
Solution :
Disable PHP's 'register_globals' setting.
Threat Level:
Medium / CVSS Base Score : 6
(AV:R/AC:H/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
