HTTP: WordPress WP Custom Pages Plugin url Parameter Local File Inclusion
This signature detects attempts to exploit a known local file inclusion vulnerability in Wordpress. It is due to insufficient validation of user-supplied input in WP Custom Pages Plugin. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.
Extended Description
WordPress WP Custom Pages plugin is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability may allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. WP Custom Pages versions 0.5.0.1 and prior are vulnerable.
Affected Products
Wordpress wp_custom_pages
References
BugTraq: 47146
URL: http://wordpress.org/ http://wordpress.org/extend/plugins/wp-custom-pages/
Short Name
HTTP:PHP:WORDPRESS-WPCUSTOM-LFI
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Custom File Inclusion Local Pages Parameter Plugin WP WordPress bid:47146 url
Release Date
04/14/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Wordpress