WordPress fails to properly sanitize input to the ix parameter in wp-includes/feed.php, which could allow a remote, unauthenticated attacker to execute arbitrary PHP code.
WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize input to the ix parameter in wp-includes/feed.php. PHP commands that are passed to the ix parameter are executed by the WordPress server.
A remote, unauthenticated attacker may be able to execute arbitrary PHP code on a vulnerable WordPress system.
Apply an update
This issue is addressed in WordPress 2.1.2.
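One way to check whether the affected parameter was ever requested on a server, as an added example that is not part of the original note: the script scans web server access logs for requests to wp-includes/feed.php that carry an ix query parameter. It assumes the combined log format; the log entries, addresses and parameter values are constructed, the function names are hypothetical, and a parameter sent in a request body would not appear in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: client, ident, user, [time], "METHOD target PROTO", status
ENTRY_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# File and parameter named in the advisory
TARGET_RE = re.compile(r"/wp-includes/feed\.php(/|$)")
TARGET_PARAM = "ix"

# Constructed sample entries (documentation address ranges, placeholder values)
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Mar/2007:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Mar/2007:10:02:13 +0000] '
    '"GET /wp-includes/feed.php?ix=CONSTRUCTED_VALUE HTTP/1.1" 200 312',
    '198.51.100.7 - - [04/Mar/2007:10:02:40 +0000] '
    '"GET /blog//wp-includes/feed%2Ephp?a=1&%69x=CONSTRUCTED_VALUE HTTP/1.0" 200 298',
    '203.0.113.5 - - [04/Mar/2007:10:05:00 +0000] "GET /?feed=rss2&fix=1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [04/Mar/2007:10:06:00 +0000] "GET /wp-includes/feed.php HTTP/1.1" 200 0',
]


def normalize_path(raw_path):
    """Percent-decode, collapse repeated slashes and lowercase the path."""
    return re.sub(r"/{2,}", "/", unquote(raw_path)).lower()


def find_ix_requests(log_lines):
    """Return one dict per logged request that passes 'ix' to feed.php."""
    hits = []
    for line in log_lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # skip lines that are not parsable access log entries
        client, when, method, target, status = m.groups()
        parts = urlsplit(target)
        if not TARGET_RE.search(normalize_path(parts.path)):
            continue
        # parse_qs percent-decodes names, so "%69x" is recognised as "ix"
        if TARGET_PARAM in parse_qs(parts.query, keep_blank_values=True):
            hits.append({"client": client, "time": when, "method": method,
                         "status": int(status), "target": target})
    return hits


if __name__ == "__main__":
    for hit in find_ix_requests(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], hit["target"])
```

A hit on a server that ran WordPress 2.1.1 is a reason to review that host further, not proof of compromise on its own.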
This vulnerability was reported by Ivan Fratric.
This document was written by Will Dormann.
Date First Published: 2007-03-05
Date Last Updated: 2007-03-07 16:01 UTC