A British researcher has published details of a serious WordPress flaw, left unfixed for over a year, which could allow complete system compromise.
Sam Thomas, head of research at Secarma, presented the paper — It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It — to attendees at the BSides conference in Manchester on Thursday.
By uploading a specially crafted file to the targeted app, attackers can trigger a file operation through the “phar://” stream wrapper.
By Phil Muncaster