CVE-2009-2852 – WP Syntax < 0.9.10 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2009-2852

13 Apr 2009 — WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the test_filter[wp_head] array parameter to test/index.php, which is used in a call to the call_user_func_array function. WP-Syntax plugin v0.9.1 y anteriores de Wordpress, que activan register_globals, permiten a atacantes remotos ejecutar código PHP a su elección a través del parámetro del array test_filter[wp_head]de test/index.php, que es usado en la llamada a la fun... • https://www.exploit-db.com/exploits/9431 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •