7.5
CVSSv2

CVE-2005-2612

CVSSv4: NA | CVSSv3: NA | CVSSv2: 7.5 | VMScore: 850 | EPSS: 0.31556 | KEV: Not Included
Published: 17/08/2005 Updated: 20/11/2024

Vulnerability Summary

Direct code injection vulnerability in WordPress 1.5.1.3 and previous versions allows remote malicious users to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 1.0

wordpress wordpress 1.0.1

wordpress wordpress 1.0.2

wordpress wordpress 1.2

wordpress wordpress 1.5

wordpress wordpress 1.5.1

wordpress wordpress 1.5.1.2

wordpress wordpress 1.5.1.3

Exploits

## # $Id: php_wordpress_lastpostrb 9671 2010-07-03 06:21:31Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' ...