ThreatPress

WordPress Vulnerabilities Database

Back

InfiniteWP Admin Panel 2.8.0 - command injection

Product
InfiniteWP Admin Panel
Description
WordPress plugin InfiniteWP Admin Panel (version 2.8.0) has command injection type vulnerability. Execution of arbitrary system commands using an authorization bypass or by visiting specially crafted URL by an authorized user.
Solution
Update InfiniteWP Admin Panel plugin to at least version 2.9.0 version.
Classification
Type BYPASS
OWASP Top 10 A1: Injection
References
Summer of Pwnage hacker event
CVE
Name CVE-N/A
Versions
Affected In 2.8.0
Fixed In 2.9.0
Disclosure date
2016-07-31
Credits
Summer of Pwnage hacker event