CVE-2005-2612

WordPress <1.5.1.3 - Code Injection

Title source: llm

Description

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/16895

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_lastpost_exec.rb

View Code ZIP pw:eip

References (2)

[Exploit] http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html

[Vendor Advisory] http://secunia.com/advisories/16386

Scores

EPSS 0.7342

EPSS Percentile 98.8%

Classification

Status draft

Affected Products (8)

wordpress/wordpress

Timeline

Published Aug 17, 2005

Tracked Since Feb 18, 2026