7 lines
No EOL
558 B
Text
7 lines
No EOL
558 B
Text
source: https://www.securityfocus.com/bid/22797/info
|
|
|
|
An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands.
|
|
|
|
The vendor has acknowledged this vulnerability and recommends that all users who have installed version 2.1.1 upgrade to version 2.1.2 or later. This issue appears limited to the 2.1.1 release.
|
|
|
|
http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd |