Description
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
Remediation
References
Related Vulnerabilities
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9848)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (6.4.2)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1443)