ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 1.2 - Remote Code Execution

Product
WordPress
Description
Because of this vulnerability in The _httpsrequest function in Snoopy, the attackers can execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, that is not properly handled by the fetch function.
Solution
Update the WordPress to the latest available version (at least 1.3).
Classification
Type Arbitrary Code Execution
References
CVE Mitre
CVE
Name CVE-2005-3330
Versions
Affected In <= 1.2
Fixed In 1.3
Disclosure date
2005-10-27
Credits
D. Fabian
Submitter
ThreatPress