is_human() Plugin for WordPress 'type' Parameter Command Injection

high Nessus Plugin ID 54300

Language:

Synopsis

The remote web server hosts a PHP script that can be abused to execute arbitrary code.

Description

The version of the is_human() plugin for WordPress installed on the remote host does not sanitize input to the 'type' parameter of the 'engine.php' script when 'action' is set to 'log-reset' before using it in an 'eval()' call.

An unauthenticated, remote attacker can leverage this issue to execute arbitrary PHP code on the affected host, subject to the privileges under which the web server runs.

Solution

Unknown at this time.

Plugin Details

Severity: High

ID: 54300

File Name: ishuman_type_exec.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 5/18/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:wordpress:wordpress

Required KB Items: installed_sw/WordPress, www/PHP

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 5/17/2011

Reference Information

BID: 47883

Detections

Analytics