|
|
Family: CGI abuses --> Category: attack
WordPress < 1.5.1.2 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in WordPress < 1.5.1.2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains multiple PHP scripts that are prone to
various issues, including SQL injection and cross-site scripting
attacks.
Description :
The version of WordPress installed on the remote host is prone to
several vulnerabilities :
- A SQL Injection Vulnerability
The bundled XML-RPC library fails to sanitize user-supplied
input to the 'xmlrpc.php' script. A possible hacker can exploit
this flaw to launch SQL injection attacks which may lead to
disclosure of the administrator's password hash, attacks
against the underlying database, and the like.
- Multiple Cross-Site Scripting Vulnerabilities
A possible hacker can pass arbitrary HTML and script code through
the 'p' and 'comment' parameters of the 'wp-admin/post.php'
script, which could result in disclosure of administrative
session cookies.
- Lost Password Security Issue
The application fails to initialize the variable 'message'
in 'wp_login.php' when notifying a user about a lost
password. If PHP's 'register_globals' setting is enabled,
a possible hacker can exploit this flaw to insert his own
text before the stock message from WordPress.
- Path Disclosure Vulnerabilities
By calling several scripts directly, a possible hacker can learn
the application's full installation path.
See also :
http://www.gulftech.org/?node=research&article_id=00085-06282005
Solution :
Upgrade to WordPress version 1.5.1.3 or later.
Threat Level:
Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|
