Hi,
On Sunday 28 September 2008, Andrea De Iacovo wrote:
> Hi
>
> Maybe you're right but the problem is still really not critical.
> wp-config.php looks for something like /etc/wordpress/config-$host.php
> so my question is: if someone has unauthorized and malicious access
> to /etc/wordpress (or,
Package: wordpress
Version: 2.5.1-7
Severity: important
Tags: security
The file as found in 2.5.1-7 takes the HTTP_HOST and uses it to find the
config-.php file to include.
This routine is prone to attacks by a local user via an especially crafted Host
header.
Feel free to increase the severity
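
One way to constrain the lookup described in the report, shown as an added example (not code from the Debian package or from either poster): validate the Host value as a hostname before it is placed into the `/etc/wordpress/config-$host.php` path. The function name `resolve_config_path`, the temporary directory and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example; hypothetical helper, not the Debian package's wp-config.php.
function resolve_config_path(string $rawHost, string $configDir): ?string
{
    // Drop an optional :port and fold case (DNS names are case-insensitive).
    $host = strtolower((string) preg_replace('/:\d+\z/', '', $rawHost));

    // Accept only dot-separated DNS labels. Path separators, NUL bytes and
    // empty labels (hence "..") can never match this pattern.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (strlen($host) > 253 || !preg_match("/\\A$label(?:\\.$label)*\\z/", $host)) {
        return null;
    }

    // Defence in depth: the resolved file must exist directly in $configDir.
    // (Policy choice of this example: symlinks pointing elsewhere are refused.)
    $base = realpath($configDir);
    $path = realpath("$configDir/config-$host.php");
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway directory stands in for /etc/wordpress.
$dir = sys_get_temp_dir() . '/wp-config-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/config-blog.example.org.php", "<?php // site settings\n");

// Constructed Host values: two valid spellings, three that must be refused.
$samples = ['blog.example.org', 'Blog.Example.Org:8080', 'a/b', 'a..b', "a\0b"];
foreach ($samples as $sample) {
    $path = resolve_config_path($sample, $dir);
    printf("%-26s => %s\n", json_encode($sample), $path ?? 'rejected');
}

unlink("$dir/config-blog.example.org.php");
rmdir($dir);
```

A caller would include the returned path only when it is non-null and otherwise fall back to a fixed default configuration or an error page.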