WordPress Theme Tuner Plugin 'tt-abspath' Parameter Remote File Inclusion Vulnerability Network Vulnerability

Summary

This host is running WordPress and is prone to remote file inclusion vulnerability.

Impact

Successful exploitation will allow attacker to compromise the application and the underlying system other attacks are also possible. Impact Level: System/Application

Solution

Upgrade to WordPress Theme Tuner Plugin version 0.8 or later. For updates refer to http://wordpress.org/extend/plugins/theme-tuner/

Insight

The flaw is due to improper validation of user-supplied input to the 'tt-abspath' parameter in '/ajax/savetag.php', which allows attackers to execute arbitrary PHP code.

Affected

WordPress Theme Tuner Plugin version 0.7 and prior

References

http://osvdb.org/show/osvdb/78457
http://secunia.com/advisories/47722
http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos
http://wordpress.org/extend/plugins/theme-tuner/changelog
http://xforce.iss.net/xforce/xfdb/72626

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-0934

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Baby Gekko CMS Multiple Vulnerabilities
Admin News Tools Multiple Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
A Really Simple Chat Multiple SQL Injection Vulnerabilities

Take action and discover your vulnerabilities