Description
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
Remediation
References
Related Vulnerabilities
WordPress Plugin CP Reservation Calendar SQL Injection (1.1.6)
PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)
WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)
Oracle Application Server Other Vulnerability (CVE-2002-0655)
TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)