WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Input Validation Vulnerability (CVE-2008-5695)

Description

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

Remediation

References

Related Vulnerabilities

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)

phpMyFAQ Other Vulnerability (CVE-2004-2257)

MySQL CVE-2021-35637 Vulnerability (CVE-2021-35637)

Severity

High

Classification

CVE-2008-5695 CWE-20

Tags

Missing Update Known Vulnerabilities