CVE-2006-4992

Name of the Vulnerable Software and Affected Versions JD-WordPress for Joomla! (com jd-wp) versions 1.0 RC2 through 2.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in the following API endpoints: "wp-comments-post.php", "wp-feed.php", or "wp-trackback.php".

Recommendations For JD-WordPress for Joomla! (com jd-wp) versions 1.0 RC2 through 2.0, consider restricting access to the mosConfig absolute path parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the mosConfig absolute path parameter in the "wp-comments-post.php", "wp-feed.php", and "wp-trackback.php" endpoints to minimize the risk of exploitation.