[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wordpress File Inclusion

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wordpress File Inclusion
From: Expanders <expanders@xxxxxxxxxxx>
Date: Mon, 13 Nov 2006 19:09:19 +0100

------------- wp-include/functions.php line:2166 ------------------
function load_template($file) {

global $posts, $post, $wp_did_header, $wp_did_template_redirect,$wp_query,

       $wp_rewrite, $wpdb;

   extract($wp_query->query_vars);

   require_once($file);
}
-----------------------------------------------------------------

you cannot control a variable directly into a function. so this is not avulnerability


Cheers

Expanders

References:
- Wordpress File Inclusion
  - From: vannovax

Prev by Date: VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
Next by Date: [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows
Previous by thread: Wordpress File Inclusion
Next by thread: Re: Wordpress File Inclusion
Index(es):
- Date
- Thread