ThreatPress

WordPress Vulnerabilities Database

WordPress Is-Human Plugin - Remote Command Execution Vulnerability

Product
Is-Human
Description
The vulnerability exists in /is-human/engine.php. When the "action" parameter is set to log-reset, the "type" parameter gives an attacker control over what is passed to the eval() function.
Solution
Point the $is_hum->get_* array variable to $is_hum->get_ih, and point it to the PHP function error_log() if you want execution to end without an error.
Classification
Type: Arbitrary Code Execution
References
Exploit-DB
CVE
Name: CVE-N/A
Versions
Affected In: <= 1.4.2
Fixed In: 1.4.3
Disclosure date
2011-05-17
Credits
neworder