Description

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.

Remediation

References

CVE-2011-3129

Related Vulnerabilities

OpenVPN AS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3824)

MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)

WordPress Plugin Connections Business Directory Unspecified Vulnerability (10.4.7)

ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)

XWiki CVE-2007-4898 Vulnerability (CVE-2007-4898)

Severity

Critical

Classification

CVE-2011-3129 CWE-264

Tags

Missing Update Known Vulnerabilities