Family: CGI abuses --> Category: attack
WordPress code/sql injection Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of WordPress
Detailed Explanation for this Vulnerability Test
The remote web server contains PHP scripts that allow for arbitrary PHP
code execution and local file disclosure as well as SQL injection
It is possible to make the remote host include php files hosted on a
third-party server using the WordPress CGI suite which is installed
(which is also vulnerable to a SQL injection attack).
A possible hacker may use this flaw to inject arbitrary PHP code in the remote
host and gain a shell with the rights of the web server or to take
the control of the remote database.
See also :
Upgrade to the latest version.
High / CVSS Base Score : 7
Click HERE for more information and discussions on this network vulnerability scan.