Remote File Inclusion Vulnerability in WordTube Plugin for WordPress
CVE-2007-2481

Currently unrated

Key Information:

Vendor: Wordpress
Status: Wordtube
Vendor: CVE Published:; 3 May 2007

Summary

A PHP remote file inclusion vulnerability exists in the wordTube plugin for WordPress, specifically in the wordtube-button.php file. When the register_globals feature is enabled, this vulnerability permits remote attackers to execute arbitrary PHP code through crafted URLs in the wpPATH parameter. Users of wordTube versions 1.43 and earlier are at risk, underscoring the importance of updating the plugin and properly configuring server settings to mitigate this security risk.

References

http://osvdb.org/34358

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/23737

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/1615

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 3, 2007
Vulnerability Reserved
May 3, 2007