WordPress Parameter Directory Traversal Vulnerability
WordPress is prone to a ‘cat’ directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. This input validation error was originally reported by Sandor Attila Gerendi and exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks.
An attacker can exploit this issue with a browser. The following example URL demonstrates the error:
http://www.yourblog.com/?cat=1.php/../searchform?
WordPress 2.3.3 is vulnerable; other versions may also be affected. WordPress TRAC has committed fixes to the application’s repository, more information can be found in here. The fix sanitizes “cat” query var and cast to int before looking for a category template.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.