PT-2006-5735 · Joomla · Jd-Wordpress

Published

2006-09-26

Updated

2008-09-05

CVE-2006-4992

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JD-WordPress for Joomla! (com jd-wp) versions 1.0 RC2 through 2.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig absolute path parameter in the following API endpoints: "wp-comments-post.php", "wp-feed.php", or "wp-trackback.php".

Recommendations For JD-WordPress for Joomla! (com jd-wp) versions 1.0 RC2 through 2.0, consider restricting access to the mosConfig absolute path parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the mosConfig absolute path parameter in the "wp-comments-post.php", "wp-feed.php", and "wp-trackback.php" endpoints to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4992

Affected Products

Jd-Wordpress

PT-2006-5735 · Joomla · Jd-Wordpress

CVE-2006-4992

Related Identifiers

Affected Products

References · 11