Full Disclosure: Re: Code Execution vulnerability в WordPress

Re: Code Execution vulnerability в WordPress

From: Milan Berger <m.berger () project-mindstorm net>
Date: Sat, 30 Apr 2011 12:28:58 +0200

Agreed,
   I run WP and, unless the admin is malignant towards your server,
this is nothing but simple template editing wich can be done..
normally, as admin with perms.. ofc, if you have a bad apple in the
bunch, it will eventually showup in some way.. this is just a level
of trust given to WP-Admins, wich Could or could-NOT be compromised,
depends on your admins... I know on my site, thats not a possible
scenario to attack this and exploit, simply dont have admins :>


and just run a clean installation/configuration of php, so code
execution is not possible...
This "adivsory" is pure bullshit!


-- 
Kind Regards

Milan Berger
Project-Mindstorm Technical Engineer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Code Execution vulnerability в WordPress MustLive (Apr 29)
- Re: [Full-disclosure] Code Execution vulnerabilit y в WordPress Christian Sciberras (Apr 29)
  - Re: [Full-disclosure] Code Execution vulnerabilit y в WordPress -= Glowing Doom =- (Apr 29)
    - Re: Code Execution vulnerability в WordPress Milan Berger (Apr 30)