Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
Published 2005-08-17 04:00:00
Updated 2008-09-05 20:52:14
Source MITRE
View at NVD,   CVE.org

Products affected by CVE-2005-2612

Exploit prediction scoring system (EPSS) score for CVE-2005-2612

8.19%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2005-2612

  • WordPress cache_lastpostdate Arbitrary Code Execution
    Disclosure Date: 2005-08-09
    First seen: 2020-04-26
    exploit/unix/webapp/wp_lastpost_exec
    This module exploits an arbitrary PHP code execution flaw in the WordPress blogging software. This vulnerability is only present when the PHP 'register_globals' option is enabled (common for hosting providers). All versions of WordPress prior to 1.5.1.3 are affecte

CVSS scores for CVE-2005-2612

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST
Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!