[wp-trac] [WordPress Trac] #11104: 2.8.5 Injection Exploit
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 12 08:27:53 UTC 2009
#11104: 2.8.5 Injection Exploit
--------------------------+-------------------------------------------------
Reporter: bradyk | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: Unassigned
Component: Security | Version: 2.8.5
Severity: blocker | Keywords: dev-feedback 2nd-opinion exploit, injection, hack, malware, porn
--------------------------+-------------------------------------------------
Comment(by bradyk):
It wouldn't have to be a shared bug... the attack could be modified to
exploit various holes in different software with the same end result.
I also feel like if it was a (mt) issue, which I had expressed the
possibility of to them at one point, they'd be more interested in finding
a solution. I have a hard time believing that it's a server software
config issue that allows this - if an attacker knew of a way to get
software onto the server, with direct access to Apache, they wouldn't be
worrying about Wordpress or other relatively meaningless software.
--Kyle
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11104#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list