WordPress 4.6 Blind OS Command Execution
Impact: High
Description
PHPMailer before 5.2.18 allows remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code. It is possible to execute remote OS commands using the Host header in WordPress.
Recommendation
Updgrade WordPress to the latest stable version.
References
👉 You might also like:
Blind OS Command Execution - Vulnerability
OS Command Execution - Vulnerability
WordPress Plugin Wpfilemanager 6.8 RCE - CVE-2020-25213
Joomla! 1.5 < 3.4.5 RCE - CVE-2015-8562
Last updated on May 13, 2024