Vulnerability CVE-2008-2392


Published: 2008-05-21   Modified: 2012-02-12

Description:
Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

See advisories in our WLB2 database:
Topic: Wordpress Malicious File Execution Vulnerability (High)
Author: tan_prathan
Date: 21.05.2008

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
Wordpress -> Wordpress

References:
http://securityreason.com/securityalert/3897
http://www.securityfocus.com/archive/1/492230/100/0/threaded
http://www.securityfocus.com/bid/29276
https://exchange.xforce.ibmcloud.com/vulnerabilities/42561

Copyright 2024, cxsecurity.com

 
