CVE-2007-5229
CVE-2007-5229
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/30637/unverifiedexploitdbwww.exploit-db.com/exploits/30637unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogsecurity.net/wordpress/feedburner-feed-hijacking/http://blogsecurity.net/wordpress/feedsmith-feedburner-vulnerability-fixed/http://blogs.feedburner.com/feedburner/archives/2007/10/the_feedsmith_plugin_newly_for.phphttp://marc.info/?l=full-disclosure&m=119145344606493&w=2http://secunia.com/advisories/27055https://exchange.xforce.ibmcloud.com/vulnerabilities/36940https://www.exploit-db.com/exploits/30637/http://www.securityfocus.com/bid/25921