{"id":"CVE-2006-2667","details":"Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.","modified":"2025-08-09T19:01:26Z","published":"2006-05-30T21:02:00Z","references":[{"type":"FIX","url":"http://secunia.com/advisories/20271"},{"type":"ADVISORY","url":"http://secunia.com/advisories/20608"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1992"},{"type":"EVIDENCE","url":"http://retrogod.altervista.org/wordpress_202_xpl.html"},{"type":"WEB","url":"http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml"},{"type":"WEB","url":"http://www.osvdb.org/25777"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/435039/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/18372"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/26687"}],"schema_version":"1.7.3"}