CVE-2008-5695

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress; WordPress Mu
Vendor: CVE Published:; 19 December 2008

Summary

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

References

http://securityreason.com/securityalert/4798

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/bid/27633

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/5066

exploitx_refsource_EXPLOIT-DB

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 19, 2008
Vulnerability Reserved
Dec 19, 2008