Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
BID:50700
Info
Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
| Bugtraq ID: | 50700 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2011 12:00AM |
| Updated: | Nov 17 2011 12:00AM |
| Credit: | EgiX |
| Vulnerable: |
WordPress Zingiri 2.2.3 WordPress Zingiri 0.9.12 |
| Not Vulnerable: | |
Discussion
Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
Zingiri plugin for WordPress is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.
Wordpress Zingiri Plugin versions 0.9.12 through 2.2.3 are vulnerable.
Zingiri plugin for WordPress is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.
Wordpress Zingiri Plugin versions 0.9.12 through 2.2.3 are vulnerable.
Exploit / POC
Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
Attackers may exploit this issue through a browser.
The following exploit code is available:
Attackers may exploit this issue through a browser.
The following exploit code is available:
Solution / Fix
Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Zingiri Plugin for WordPress 'ajax_save_name.php' Remote PHP Code Execution Vulnerability
References:
References:
- WordPress Homepage (WordPress)
- Wordpress Zingiri Plugin Homepage (Wordpress)