Summary
The host is running WordPress and is prone to a remote code execution vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary code by uploading a PHP script and adding the script's pathname to active_plugins.
Impact Level: System/Application
Solution
Upgrade to WordPress MU 1.3.2 or WordPress 2.3.3, or later.
http://mu.wordpress.org/download/
Insight
The flaw is due to an error in the 'wp-admin/options.php' file. It can be exploited using valid user credentials with the 'manage_options' and 'upload_files' capabilities.
Affected
WordPress prior to 2.3.3
WordPress MU prior to 1.3.2
References
Severity
Classification
CVE: CVE-2008-5695
CVSS Base Score: 8.5
AV:N/AC:M/Au:S/C:C/I:C/A:C