ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Myflash Plugin <= 1.00 - Remote File Inclusion

Product
Myflash
Description
Because of this vulnerability in myflash-button.php, the attackers can execute arbitrary PHP code via a URL in the "wpPATH" parameter.
Solution
Update the plugin.
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2007-2485
Versions
Affected In <= 1.00
Fixed In 1.01
Disclosure date
2007-05-03
Credits
Crackers_Child
Submitter
ThreatPress