[Forgot Password]
Login  Register Subscribe

23631

 
 

126317

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2852

Date: (C)2009-08-18   (M)2017-09-19 


WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-36040
EXPLOIT-DB-9431
ADV-2009-2456
wpsyntax-index-code-execution(52457)

CWE    1
CWE-20

© 2013 SecPod Technologies