Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress 用户名 直接静态代码注入漏洞
Vulnerability Description
WordPress是一款免费的论坛Blog系统。 WordPress对注册用户名的处理上存在问题,远程攻击者可能利用此漏洞在服务器上执行任意命令。 在注册或更新用户概况资料时WordPress没有正确的过滤输入便将资料存储到了Web根目录的wp-content/cache/userlogins/和wp-content/cache/users/目录的脚本中。攻击者可以利用这个漏洞通过换行字符注入并执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A