Network Security: Detailed info on Re: Wordpress Malicious File Execution Vulnerability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

Subject:	Re: Wordpress Malicious File Execution Vulnerability
Date:	23 Jul 2008 19:44:51 -0000

Subject:

Re: Wordpress Malicious File Execution Vulnerability

Date:

23 Jul 2008 19:44:51 -0000

Regarding this report of May 2008: http://www.securityfocus.com/bid/29276 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2392 The report is invalid. This is not a vulnerability or a security flaw. Quite frankly, I think it's a joke. The report itself states: "You must login into wordpress with Administrator Roles". If you have logged into WordPress with Admin roles, then you are the blog owner or administrator. The fact that you can then upload any sort of file you want is a feature, not a bug. The admin has unlimited rights to the site, because he is the admin. Obviously. Suggest this be marked as invalid everywhere it's been incorrectly marked as valid.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Wordpress Malicious File Execution Vulnerability, otto <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	[Full-disclosure] [USN-628-1] PHP vulnerabilities, Jamie Strandboge
Next by Date:	[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability, security
Previous by Thread:	[Full-disclosure] [USN-628-1] PHP vulnerabilities, Jamie Strandboge
Next by Thread:	[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability, security
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

[Full-disclosure] [USN-628-1] PHP vulnerabilities, Jamie Strandboge

Next by Date:

[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability, security

Previous by Thread:

[Full-disclosure] [USN-628-1] PHP vulnerabilities, Jamie Strandboge

Next by Thread:

[ MDVSA-2008:153 ] - Updated emacs packages fix vulnerability, security

Indexes:

[Date] [Thread] [Top] [All Lists]