ThreatPress

WordPress Vulnerabilities Database

WordPress <= 2.0.2 - Direct Static Code Injection

Product
WordPress
Description
This vulnerability allows attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile. The injected input is appended after a special comment sequence into files.
Solution
Update WordPress to the latest available version (at least 2.0.3).
Classification
Type Direct static code injection
References
CVE Mitre
CVE
Name CVE-2006-2667
Versions
Affected In <= 2.0.2
Fixed In 2.0.3
Disclosure date
2006-05-30
Submitter
ThreatPress