ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 2.0.2 - Shell Injection

Product
WordPress
Description
Because of this vulnerability in vars.php, the attackers can spoof their IP address via a PC_REMOTE_ADDR HTTP header and include a remote file.
Solution
Update the WordPress to the latest available version (at least 2.0.3).
Classification
Type Remote File Inclusion
References
CVE Mitre
CVE
Name CVE-2006-2702
Versions
Affected In <= 2.0.2
Fixed In 2.0.3
Disclosure date
2006-05-30
Submitter
ThreatPress