ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <= 1.3.0 - Eval Injection

Product
WordPress
Description
Because of this vulnerability in PEAR XML_RPC, attackers can execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Solution
Update the WordPress to the latest available version (at least 1.4).
Classification
Type Arbitrary Code Execution
References
CVE Mitre
CVE
Name CVE-2005-1921
Versions
Affected In 1.3
Fixed In 1.4
Disclosure date
2005-06-08
Submitter
ThreatPress