WordPress Fixes Critical PHP Object Injection Issue Leading to Code Execution
#1
Quote:The latest WordPress security release fixes a remotely exploitable PHP object injection issue with a 10.0 Critical base score possibly allowing remote attackers to execute arbitrary code on the targeted system.

"Sam Thomas discovered that contributors could craft meta data in a way that resulted in PHP object injection," says the Wordpress team.

According to The OWASP Foundation, "PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context."

This type of vulnerability resides in the improper sanitization of user input before it's being passed for processing to the unserialize() PHP function.

In the case of the security issue fixed in the WordPress 5.0.1 release, potential attackers that successfully compromise a target system could execute arbitrary code.
All WordPress users are advised to update to the 5.0.1 version to block possible attacks that could lead to a PHP object injection condition.

Source: https://news.softpedia.com/news/wordpres...4272.shtml
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>