Description
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Remediation
References
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
WordPress 'templates.php' Cross-Site Scripting Vulnerability (0.6.2 - 2.1)