Description

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.

Remediation

References

CVE-2008-2392

Related Vulnerabilities

WebLogic Download of Code Without Integrity Check Vulnerability (CVE-2020-5398)

PHP Out-of-bounds Read Vulnerability (CVE-2017-9118)

MySQL Other Vulnerability (CVE-2010-3681)

WordPress Plugin Simple 301 Redirects by BetterLinks Unspecified Vulnerability (1.06)

WordPress Plugin FAQ Multiple Cross-Site Scripting Vulnerabilities (1.0.14)

Severity

Critical

Classification

CVE-2008-2392 CWE-20

Tags

Missing Update Known Vulnerabilities