ThreatPress

WordPress Vulnerabilities Database

Back

WordPress cache_lastpostdate - Arbitrary Code Execution

Product
WordPress
Description
WordPress version prior to 1.5.1.3 is remotely exploitable if the web server on which it runs has register_globals enabled in the PHP configuration. Perl code exists to automatically exploit vulnerable WP 1.5.1.3 sites, allowing the attacker to try to execute code.
Solution
Update WordPress.
Classification
Type Arbitrary Code Execution
References
Exploit-DB
CVE
Name CVE-2005-2612
Versions
Affected In <= 1.5.1.3
Fixed In 1.5.1.4
Disclosure date
2010-07-03
Credits
metasploit