Summary
The host is running WordPress and is prone to multiple vulnerabilities.
Impact
Attackers can exploit these issues to execute arbitrary PHP code by uploading malicious PHP files, and to inject arbitrary web script or HTML code that will be executed in a user's browser session.
Impact Level: System/Application
Solution
Update to version 2.8.6.
http://wordpress.org/download/
Insight
- The 'wp_check_filetype()' function in /wp-includes/functions.php does not properly validate files before uploading them.
- Input passed into the 's' parameter in press-this.php is not sanitised before being displayed to the user.
Affected
WordPress versions prior to 2.8.6 on all platforms.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3890, CVE-2009-3891
- CVSS Base Score: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P