Summary
The host is running WordPress and is prone to a remote code execution vulnerability.
Impact
Successful exploitation allows remote attackers to execute arbitrary code by uploading a PHP script and adding the script's pathname to active_plugins.
Impact Level: System/Application
Solution
Upgrade to WordPress 2.3.3 or WordPress MU 1.3.2, or later.
http://mu.wordpress.org/download/
Insight
The flaw is due to an error in the 'wp-admin/options.php' file. It can be exploited using valid user credentials with the 'manage_options' and 'upload_files' capabilities.
Affected
- WordPress prior to 2.3.3
- WordPress MU prior to 1.3.2
References
Severity
Classification
- CVE: CVE-2008-5695
- CVSS Base Score: 8.5
- CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- AproxEngine Multiple Remote Input Validation Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- Apache Archiva Multiple Remote Command Execution Vulnerabilities
- Advantech WebAccess Multiple Vulnerabilities
- 68designs 68kb Multiple Remote File Include Vulnerabilities