[wp-hackers] Security Vulnerability found - Forum Post
Graeme Lennon
graeme at samurai.com
Thu Apr 14 00:50:57 GMT 2005
I think people are getting defensive and dismissing this out of hand.
It's not critical, but neither is it nothing at all.
If I get access to the file editor, I get to execute completely
arbitrary PHP code on your server. Which means I can easily compromise
the Apache user on your server, which may mean all sorts of unpleasant
things.
g.
Matthew Mullenweg wrote:
> denis at semiologic.com wrote:
>
>> - fetch config.php through the file editor
>
>
> Incidentally, we don't allow this.
>
More information about the wp-hackers
mailing list