[wp-trac] [WordPress Trac] #44652: URL Hash Vulnerability
WordPress Trac
noreply at wordpress.org
Thu Jul 26 17:01:48 UTC 2018
#44652: URL Hash Vulnerability
--------------------------+-----------------------------
Reporter: sfasfsafds | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9.7
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
A URL has been used to trigger errors on our site. You can use the
following URL (just replace the domain with that of a WordPress site) to
trigger the error. If you logged in as Admin you can see the following
warnings.
http://www.domain.com/?name%5b%2523markup%5d=echo%2520-n%2520%2527ZWNobyBwb25pZXM%253D%2527%2520%257C%2520base64%2520-d%2520%257C%2520bash&name%5b%2523post_render%5d%5b0%5d=passthru&q=/user/password
Notice: Array to string conversion in /var/www/html/wp-includes/class-
wp.php
Warning: trim() expects parameter 1 to be string, array given in
/var/www/html/wp-includes/class-wp-query.php
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44652>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list