← back
CVE-2009-2852

CVE-2009-2852

EPSS 4.8%
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/9431unverifiedexploitdbwww.exploit-db.com/exploits/9431unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/52457http://www.exploit-db.com/exploits/9431http://www.securityfocus.com/bid/36040http://www.vupen.com/english/advisories/2009/2456