WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2009-08-18 14:00
Updated : 2017-09-18 18:29
NVD link : CVE-2009-2852
Mitre link : CVE-2009-2852
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
wordpress
- wordpress
ryan.mcgeary
- wp-syntax