WordPress W3 Total Cache 0.9.2.8 Remote Code Exec

2013-04-24 / 2013-05-01
Risk: High
Local: No
Remote: Yes
CWE: CWE-74


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Is there any way to get the WordPress community involved in actually handling security issues properly? E.g. requesting CVE's, or heck, I'll settle for being notified via email directly. I found out about this stuff on Reddit (linked to Tony Perez's blog posting) so I read the code and voila: http://wordpress.org/extend/plugins/w3-total-cache/ +* Improved security for mfunc, now disabled by default and requires security string in order to execute + if (!defined('W3TC_DYNAMIC_SECURITY')) + return; + $buffer = preg_replace_callback('~<!--\s*mfunc\s*' . W3TC_DYNAMIC_SECURITY . '(.*)-->(.*)<!--\s*/mfunc\s*' . W3TC_DYNAMIC_SECURITY . '\s*-->~Uis', array( Please use CVE-2013-2010 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT)
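Review bot: In the preg_replace_callback pattern, W3TC_DYNAMIC_SECURITY is concatenated into the regex twice without escaping, so a security string that contains the `~` delimiter or regex metacharacters either breaks the pattern or matches more loosely than the literal string; wrap both uses as preg_quote(W3TC_DYNAMIC_SECURITY, '~'). The guard above it only tests defined(), which also passes when the constant is an empty string, and in that case a plain mfunc comment with no security string matches again. Consider returning early unless the value is a non-empty string, and state in the changelog entry that the string must be unguessable and kept secret, since the changelog describes it as the only requirement for execution.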

References:

http://seclists.org/oss-sec/2013/q2/172
http://cxsecurity.com/issue/WLB-2013050003

