Researchers say the PHP security flaw could leave countless WordPress websites open to exploit.
By Charlie Osborne | August 16, 2018
A severe WordPress vulnerability that has gone unpatched for a year has the potential to disrupt countless websites running the CMS, researchers claim.
At the BSides technical cybersecurity conference in Manchester on Thursday, Secarma researcher Sam Thomas said the bug permits attackers to exploit the WordPress PHP framework, resulting in a full system compromise.
If the domain permits the upload of files, such as image formats, attackers can upload a crafted thumbnail file in order to trigger a file operation through the "phar://" stream wrapper.
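One way a site could keep user-influenced file names away from the "phar://" wrapper before any file operation runs, as an added PHP example that is not from the article, Secarma or WordPress. `safe_upload_path()` and the demo directory are hypothetical names, and unregistering the `phar` wrapper assumes the application never reads phar archives.

```php
<?php
// Added example, not WordPress code. safe_upload_path() is a hypothetical helper.

// Defence in depth: if the application never reads phar archives,
// remove the wrapper so "phar://" paths cannot be opened at all.
if (in_array('phar', stream_get_wrappers(), true)) {
    stream_wrapper_unregister('phar');
}

/**
 * Resolve a user-influenced file name to a real file inside $baseDir.
 * Returns null for anything that names a stream wrapper or leaves $baseDir.
 */
function safe_upload_path(string $name, string $baseDir): ?string
{
    // Any "scheme://" form (phar://, PHAR://, compress.zlib://...) is refused
    // before a filesystem function sees it; NUL bytes are refused as well.
    if (strpos($name, '://') !== false || strpos($name, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false) {
        return null; // missing directory or file
    }
    // The canonical path must stay under the upload directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

// Constructed demo: a temporary upload directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'thumb.jpg', 'constructed sample bytes');

foreach (['thumb.jpg', 'phar://thumb.jpg', 'PHAR://thumb.jpg/x', '../thumb.jpg'] as $candidate) {
    $resolved = safe_upload_path($candidate, $dir);
    printf("%-22s %s\n", $candidate, $resolved === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'thumb.jpg');
rmdir($dir);
```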