WordPress 1.5.1.3 – Upgrade Revisited

So in my earlier post I named 5 files that needed to be replaced (according to the WordPress site) in order to upgrade to 1.5.1.3 from 1.5.1.2 without deleting all the files regularly required.

Now I’m not so sure that this was all there is to it.
An FrSIRT advisory reporting on the WordPress vulnerability names these 5 files, as well as vulnerabilities residing in these 4 files: “menu-header.php”, “wp-atom.php”, “wp-rss.php”, and “wp-rss2.php”, which could be exploited by attackers to determine the installation path.

Not exactly sure what could be done with the knowledge of the installation path alone...
According to GulfTech (R&D): “these issues can aid an attacker in further attacks on the affected system by disclosing the full physical path on the affected server”.
Anyway, it is rated as a moderate risk by FrSIRT.
