Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
WordPress Fixes Critical PHP Object Injection Issue Leading to Code Execution
#1
Quote:The latest WordPress security release fixes a remotely exploitable PHP object injection issue with a 10.0 Critical base score possibly allowing remote attackers to execute arbitrary code on the targeted system.

"Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection," says the Wordpress team.

According to The OWASP Foundation, "PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context."

This type of vulnerability resides in the improper sanitization of user input before it's being passed for processing to the unserialize() PHP function.

In the case of the security issue fixed in the WordPress 5.0.1 release, potential attackers that successfully compromise a target system could execute arbitrary code.
All WordPress users are advised to update to the 5.0.1 version to block possible attacks that could lead to a PHP object injection condition.

Source: https://news.softpedia.com/news/wordpres...4272.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AWZ Screen Recorder
AWZ Screen Recorder ...zevish — 11:05
Website X5 Go 2024.1
Website X5 Go 2024.1...zevish — 09:32
Apple's rules to allow third-party app ...
Apple has announ...alison30 — 09:28
Intel: Microsoft AI PCs need a Copilot K...
Microsoft hopes th...harlan4096 — 08:55
Synchredible 8 Professional Edition v8.2...
          Synchredib...zevish — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
jasonX's profile jasonX
Administrator

>