On 11/2/06, Rick Beckman <[EMAIL PROTECTED]> wrote:
Using 2.0.5, I have had my whole hosting account wiped out twice via a user being able to upload a script (commonly called c99shell.php) which is able to do a number of malicious things. From what I have seen online via a few Google searches, users are able to upload via the File Upload in the Wordpress admin without logging in.
I do not know of a way to upload without logging in. Upload a php file without appropriate privileges? nor could I find information doing Google searches? If you have found a security flaw email [EMAIL PROTECTED] with the information first. _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
