Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Remediation

References

CVE-2008-2392

Related Vulnerabilities

MySQL CVE-2017-10155 Vulnerability (CVE-2017-10155)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

WordPress Plugin Social Login WP Cross-Site Request Forgery (5.0.0.0)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)

WordPress Plugin WP-FaceThumb 'pagination_wp_facethumb' Parameter Cross-Site Scripting (0.1)

Severity

Critical

Classification

CVE-2008-2392 CWE-20

Tags

Missing Update Known Vulnerabilities