PHP Remote File Inclusion Vulnerability in WordPress wp-Table Plugin
CVE-2007-2484

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-table
Vendor: CVE Published:; 3 May 2007

Summary

The wp-Table plugin for WordPress contains a vulnerability that allows attackers to exploit the register_globals PHP directive. When this directive is enabled, attackers can submit a specially crafted URL through the wpPATH parameter. This URL can lead to the execution of arbitrary PHP code on the server, compromising the security of the WordPress installation. It is crucial for site administrators to be aware of this vulnerability and apply the necessary mitigations to protect against potential exploitation.

References

https://www.exploit-db.com/exploits/3824

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/25063

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/34357

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 3, 2007
Vulnerability Reserved
May 3, 2007