CVE-2003-1599
WordPress 0.70 - Remote Code Execution via wp-links/links.all.php $abspath Variable
Title source: llmDescription
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7785
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4611
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12205
Various Sources x_refsource_misc
http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/06/3
Scores
EPSS
0.0091
EPSS Percentile
76.1%
Details
CWE
CWE-94
Status
published
Products (1)
wordpress/wordpress
0.70
Published
Oct 27, 2014
Tracked Since
Feb 18, 2026