Remote Code Execution in WP-Syntax Plugin by WordPress
CVE-2009-2852

Currently unrated

Key Information:

Vendor: WordPress
Status
Vendor
CVE Published: 18 August 2009

Summary

The WP-Syntax plugin, version 0.9.1 and earlier, allows remote attackers to execute arbitrary PHP code when it runs with register_globals enabled. The attack works by manipulating the test_filter[wp_head] array parameter in the test/index.php file, where the parameter is used in a call to the call_user_func_array function. Left unaddressed, the vulnerability can lead to severe security breaches that compromise the integrity and confidentiality of affected systems.
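
A detection check for the request pattern the summary describes, added here as an example and not taken from the advisory or the plugin: it flags access-log requests to the plugin's test/index.php and gives a stronger verdict when the query string carries test_filter. The wp-syntax directory name, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the plugin sits in a directory named "wp-syntax"; adjust if renamed.
TARGET_PATH = re.compile(r"/wp-syntax/test/index\.php$", re.IGNORECASE)
# Request field of a Common/Combined Log Format line: "METHOD URI PROTOCOL"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def classify(line):
    """Return 'test_filter', 'test_script' or None for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if not TARGET_PATH.search(unquote(parts.path)):
        return None
    # parse_qsl percent-decodes names, so %5B / %5D spellings are matched too.
    names = [n for n, _ in parse_qsl(parts.query, keep_blank_values=True)]
    if any(n == "test_filter" or n.startswith("test_filter[") for n in names):
        return "test_filter"
    # Still worth review: register_globals also imports POST and cookie
    # variables, and neither appears in an access log.
    return "test_script"


def scan(lines):
    """Return (line_number, verdict) for every line that needs review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.4 - - [18/Aug/2009:10:00:01 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Aug/2009:10:01:22 +0000] "GET /wp-content/plugins/wp-syntax/test/index.php?test_filter%5Bwp_head%5D=PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.7 - - [18/Aug/2009:10:01:40 +0000] "POST /wp-content/plugins/wp-syntax/test/index.php HTTP/1.1" 200 498',
    '203.0.113.9 - - [18/Aug/2009:10:02:05 +0000] "GET /blog/wp-content/plugins/wp-syntax/test/index.php?a=1&test_filter[wp_head]=PLACEHOLDER HTTP/1.0" 200 512',
    '198.51.100.4 - - [18/Aug/2009:10:03:00 +0000] "GET /wp-content/plugins/wp-syntax/readme.txt?test_filter=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

A `test_script` verdict on a production site is itself a finding, since the test directory has no reason to be reachable from the web.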
