Sandor Attila Gerendi found a vulnerability within WordPress 2.3.3, which under certain circumstances allows an attacker to run arbitrary PHP code on WordPress 2.3.3.
Input passed via the “cat” parameter to index.php is not properly sanitised in the “get_category_template()” function in wp-includes/theme.php before being used to include files in template-loader.php. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks.
According to the advisory, successful exploitation allows execution of arbitrary PHP code, but requires privileges to store PHP files on an affected system and that WordPress is installed on a Windows platform.
The vulnerability is confirmed in version 2.3.3.
Solution:
Update to version 2.5.1.
If you wish to patch your 2.3.3 install, please see the WordPress Trac.