Summary
The host is running WordPress and is prone to multiple vulnerabilities.
Impact
Attackers can exploit these issues to execute arbitrary PHP code by uploading malicious PHP files, and to inject arbitrary web script or HTML code that will be executed in a user's browser session.
Impact Level: System/Application
Solution
Update to Version 2.8.6
http://wordpress.org/download/
Insight
- The 'wp_check_filetype()' function in /wp-includes/functions.php does not properly validate the type of uploaded files.
- Input passed to the 's' parameter in press-this.php is not sanitised before being displayed to the user.
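The two defensive checks the insight describes, as an added illustration that is not WordPress code and does not reproduce the patched 'wp_check_filetype()': a strict upload-name validator (single extension only, allowlist, conservative characters), a content-type cross-check using the fileinfo extension, and output escaping for a reflected search term. The function names, the allowlist and the sample inputs are assumptions for the example.

```php
<?php
// Added example (not WordPress code): a strict upload-name check, a content
// sniff, and output escaping. Function names and limits are assumptions.

/**
 * Validate an uploaded filename against an allowlist of extensions.
 * Returns the sanitised name on success, or null when the name is rejected.
 */
function safe_upload_name(string $name, array $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf']): ?string
{
    $base = basename($name);                       // drop any directory component
    if ($base === '' || $base === '.' || $base === '..') {
        return null;
    }
    // Reject names with more than one extension (e.g. "shell.php.jpg"): a
    // server may dispatch on an inner extension, so exactly one is allowed.
    $parts = explode('.', $base);
    if (count($parts) !== 2) {
        return null;
    }
    [$stem, $ext] = $parts;
    $ext = strtolower($ext);
    if ($stem === '' || !in_array($ext, $allowed, true)) {
        return null;
    }
    // Keep only a conservative character set in the stem.
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
    return $stem . '.' . $ext;
}

/**
 * Verify that the file's actual content matches its extension, using the
 * fileinfo extension rather than the client-supplied MIME type.
 */
function content_matches_extension(string $path, string $ext): bool
{
    $map = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
            'gif' => 'image/gif', 'pdf' => 'application/pdf'];
    if (!isset($map[$ext])) {
        return false;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return $finfo->file($path) === $map[$ext];
}

/** Escape a user-supplied string before echoing it into an HTML body. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample names: the first and last two are accepted, the rest rejected.
foreach (['photo.jpg', 'shell.php', 'shell.php.jpg', '../../evil.png', 'Report Q1.PDF'] as $n) {
    printf("%-20s => %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
}

// Rendering a reflected search term: once escaped, a script tag is inert text.
$s = '<script>alert(1)</script>';
echo '<p>Search results for: ' . h($s) . "</p>\n";
```

The name check alone is not sufficient; the accepted name should be paired with content_matches_extension() on the stored temporary file before the upload is moved into a web-served directory, and the upload directory itself should not execute scripts.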
Affected
WordPress versions prior to 2.8.6 on all platforms.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-3890, CVE-2009-3891
CVSS Base Score: 6.0
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P