[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5695

Date: (C)2008-12-19   (M)2017-10-04
 
CVSS Score: 8.5Access Vector: NETWORK
Exploitability Subscore: 6.8Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: SINGLE_INSTANCE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Reference:
BID-27633
SECUNIA-28789
SREASON-4798
EXPLOIT-DB-5066
http://mu.wordpress.org/forums/topic.php?id=7534&page&replies=1
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt

CPE    36
cpe:/a:wordpress:wordpress:2.0.9
cpe:/a:wordpress:wordpress:2.0.7
cpe:/a:wordpress:wordpress:2.2.3
cpe:/a:wordpress:wordpress:2.2.2
...
CWE    1
CWE-20

© 2013 SecPod Technologies